Difference between revisions of "MapRoles:"
Jump to navigation
Jump to search
↑ https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
+ | |||
+ | Official example<ref>https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html</ref>: | ||
+ | |||
+ | mapRoles: | | ||
+ | - groups: | ||
+ | - [[system:bootstrappers]] | ||
+ | - [[system:nodes]] | ||
+ | rolearn: arn:aws:iam::111122223333:role/my-node-role | ||
+ | username: [[system:node]]:<nowiki>{{EC2PrivateDNSName}}</nowiki> | ||
+ | |||
+ | == Examples == | ||
{{MapUsers and mapRoles}} | {{MapUsers and mapRoles}} | ||
− | + | {{aws_auth_extra_roles_input}} | |
− | + | ||
− | + | ||
− | + | == Related == | |
− | + | * <code>[[mapAccounts:]]</code> | |
− | + | * <code>[[Error: reading inline policies for IAM]]</code> | |
− | |||
− | |||
− | |||
− | |||
== See also == | == See also == | ||
+ | * {{aws-auth maps}} | ||
* {{aws-auth}} | * {{aws-auth}} | ||
− | |||
[[Category:K8s]] | [[Category:K8s]] |
Latest revision as of 15:13, 21 December 2023
Official example[1]:
mapRoles: | - groups: - system:bootstrappers - system:nodes rolearn: arn:aws:iam::111122223333:role/my-node-role username: system:node:{{EC2PrivateDNSName}}
Examples[edit]
mapUsers: | - userarn: arn:aws:iam::XXXXXXXXXXXX:user/your-aws-user username: your-k8s-new-user-with-master-privileges groups: - system:masters mapRoles: | - rolearn: arn:aws:iam::XXXXXXXXXXXX:role/your-aws-role username: your-new-k8s-user-with-master groups: - system:masters
inputs = { aws_auth_extra_roles = <<-EOF mapUsers: | - userarn: arn:aws:iam::XXXXXXXXXXXX:user/your-aws-user username: your-k8s-new-user-with-master-privileges groups: - system:masters EOF }
Related[edit]
See also[edit]
mapUsers:, mapRoles:, mapAccounts:
- AWS IAM Authenticator for Kubernetes:
aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping
,mapUsers:, mapRoles:, mapAccounts:
Advertising: