Difference between revisions of "Amazon Cloudformation EKS cluster role"
(8 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
− | Resources: | + | [[Resources:]] |
MyeksClusterRole: | MyeksClusterRole: | ||
− | Type: AWS::IAM::Role | + | Type: [[AWS::IAM::Role]] |
Properties: | Properties: | ||
AssumeRolePolicyDocument: | AssumeRolePolicyDocument: | ||
Line 23: | Line 23: | ||
- [[arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]] | - [[arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]] | ||
− | Outputs: | + | [[Outputs:]] |
− | RoleArn: | + | [[RoleArn:]] |
Description: The role that Amazon EKS will use to create AWS resources for Kubernetes clusters | Description: The role that Amazon EKS will use to create AWS resources for Kubernetes clusters | ||
Value: ![[GetAtt]] MyeksClusterRole.Arn | Value: ![[GetAtt]] MyeksClusterRole.Arn | ||
Export: | Export: | ||
Name: ![[Sub]] "${AWS::StackName}-RoleArn" | Name: ![[Sub]] "${AWS::StackName}-RoleArn" | ||
+ | |||
+ | == Web console options == | ||
+ | EKS - Allows EKS to manage clusters on your behalf. | ||
+ | EKS - Cluster - Allows access to other AWS service resources that are required to operate clusters managed by EKS. | ||
+ | EKS - Connector - Allows access to other AWS service resources that are required to connect to external clusters | ||
+ | EKS - Fargate pod - Allows access to other AWS service resources that are required to run Amazon EKS pods on AWS Fargate. | ||
+ | EKS - Fargate profile - Allows EKS to run Fargate tasks. | ||
+ | EKS - [[Nodegroup]] - Allow EKS to manage nodegroups on your behalf. | ||
== Related == | == Related == | ||
− | * <code>[[aws eks create-cluster]] | + | * <code>[[aws eks create-cluster]]</code> |
+ | * <code>[[aws iam create-role]]</code> | ||
== See also == | == See also == | ||
* {{EKS}} | * {{EKS}} | ||
+ | * {{aws iam}} | ||
[[Category:EKS]] | [[Category:EKS]] |
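Review bot: the six lines added under `== Web console options ==` carry no list markup, so they render as a single run-on paragraph, as the latest revision shows. Prefix each line with `*`, the way the Related and See also sections already do, so each console option renders as its own item.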
Latest revision as of 02:04, 16 February 2022
https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html#create-service-role
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon EKS Cluster Role'
Resources:
  MyeksClusterRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - eks.amazonaws.com
          Action:
          - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
Outputs:
  RoleArn:
    Description: The role that Amazon EKS will use to create AWS resources for Kubernetes clusters
    Value: !GetAtt MyeksClusterRole.Arn
    Export:
      Name: !Sub "${AWS::StackName}-RoleArn"
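An added example, not part of the original page and not AWS tooling: a pre-deployment check that the role still has the trust policy and managed policy shown in the template above. It assumes the template has been converted to its JSON form, so no `!GetAtt` or `!Sub` tags need parsing; `audit_cluster_role`, `as_list` and `PAGE_TEMPLATE` are hypothetical names.

```python
EXPECTED_SERVICE = "eks.amazonaws.com"
EXPECTED_POLICIES = {"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"}

# The page's template in JSON form (constructed here; Outputs omitted, not needed for the check).
PAGE_TEMPLATE = {"Resources": {"MyeksClusterRole": {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": ["eks.amazonaws.com"]},
         "Action": ["sts:AssumeRole"]}]},
    "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"]}}}}

def as_list(value):
    """IAM policy fields accept a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_cluster_role(template, logical_id):
    """Return findings for role `logical_id`; an empty list means it matches the page."""
    resource = template.get("Resources", {}).get(logical_id)
    if not resource or resource.get("Type") != "AWS::IAM::Role":
        return [f"{logical_id}: not an AWS::IAM::Role resource"]
    findings = []
    props = resource.get("Properties", {})
    statements = as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement"))
    if not statements:
        findings.append("trust policy has no statements")
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen who may assume the role
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*", NotPrincipal-only, or malformed
            findings.append(f"non-service principal: {principal!r}")
            principal = {}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "Service" or value != EXPECTED_SERVICE:
                    findings.append(f"unexpected principal {kind}={value}")
        for action in as_list(stmt.get("Action")):
            if action != "sts:AssumeRole":
                findings.append(f"unexpected trust action {action}")
    for arn in as_list(props.get("ManagedPolicyArns")):
        if arn not in EXPECTED_POLICIES:
            findings.append(f"unexpected managed policy {arn}")
    if props.get("Policies"):
        findings.append("inline policies present; the page's role has none")
    return findings

if __name__ == "__main__":
    print(audit_cluster_role(PAGE_TEMPLATE, "MyeksClusterRole") or "role matches the page's template")
```

Run against a changed template in CI, a non-empty result means the role's trust or permissions have drifted from what this page defines.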
Web console options
- EKS - Allows EKS to manage clusters on your behalf.
- EKS - Cluster - Allows access to other AWS service resources that are required to operate clusters managed by EKS.
- EKS - Connector - Allows access to other AWS service resources that are required to connect to external clusters
- EKS - Fargate pod - Allows access to other AWS service resources that are required to run Amazon EKS pods on AWS Fargate.
- EKS - Fargate profile - Allows EKS to run Fargate tasks.
- EKS - Nodegroup - Allow EKS to manage nodegroups on your behalf.
Related
- aws eks create-cluster
- aws iam create-role
See also
- EKS, eksctl, EKS add-ons, Amazon EKS cluster role, Terraform EKS, Kubernetes Autoscaler, Karpenter, Terraform module: EKS, Terraform resource: aws eks node group, Terraform data source: aws_eks_cluster, AWS Controllers for Kubernetes, AWS Load Balancer Controller, Amazon EKS Anywhere, Kustomize, aws-iam-authenticator, ACK, tEKS, Amazon EKS authorization, Amazon EKS authentication, Nodegroup, EKS storage, aws-ebs-csi-driver, aws-efs-csi-driver, aws-load-balancer-controller, amazon-vpc-cni-k8s, EKS security, EKS Best Practices Guides, hardeneks, EKS versions, fargate-scheduler, eks-connector, Resilience in Amazon EKS, EKS control plane logging, Security groups for Pods in EKS
- aws iam: create-user, create-group, get-user, list-users, list-policies, list-attached-user-policies, attach-user-policy, list-roles, get-account-summary, put-group-policy, put-role-policy, put-user-policy, create-login-profile, aws iam delete-virtual-mfa-device, aws iam list-virtual-mfa-devices, aws iam create-saml-provider, aws iam list-account-aliases, aws iam create-role, aws iam change-password, enable-mfa-device, list-instance-profiles