Difference between revisions of "MapRoles:"
Jump to navigation
Jump to search
↑ https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
+ | |||
+ | Official example<ref>https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html</ref>: | ||
+ | |||
+ | mapRoles: | | ||
+ | - groups: | ||
+ | - [[system:bootstrappers]] | ||
+ | - [[system:nodes]] | ||
+ | rolearn: arn:aws:iam::111122223333:role/my-node-role | ||
+ | username: [[system:node]]:<nowiki>{{EC2PrivateDNSName}}</nowiki> | ||
+ | |||
+ | == Examples == | ||
{{MapUsers and mapRoles}} | {{MapUsers and mapRoles}} | ||
− | + | {{aws_auth_extra_roles_input}} | |
− | + | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Related == | == Related == | ||
* <code>[[mapAccounts:]]</code> | * <code>[[mapAccounts:]]</code> | ||
+ | * <code>[[Error: reading inline policies for IAM]]</code> | ||
== See also == | == See also == |
Latest revision as of 15:13, 21 December 2023
Official example[1]:
mapRoles: | - groups: - system:bootstrappers - system:nodes rolearn: arn:aws:iam::111122223333:role/my-node-role username: system:node:{{EC2PrivateDNSName}}
Examples[edit]
mapUsers: | - userarn: arn:aws:iam::XXXXXXXXXXXX:user/your-aws-user username: your-k8s-new-user-with-master-privileges groups: - system:masters mapRoles: | - rolearn: arn:aws:iam::XXXXXXXXXXXX:role/your-aws-role username: your-new-k8s-user-with-master groups: - system:masters
inputs = { aws_auth_extra_roles = <<-EOF mapUsers: | - userarn: arn:aws:iam::XXXXXXXXXXXX:user/your-aws-user username: your-k8s-new-user-with-master-privileges groups: - system:masters EOF }
Related[edit]
See also[edit]
mapUsers:, mapRoles:, mapAccounts:
- AWS IAM Authenticator for Kubernetes:
aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping
,mapUsers:, mapRoles:, mapAccounts:
Advertising: