Difference between revisions of "Aws-auth configMap"

AWS IAM Authenticator for Kubernetes get information from aws-auth ConfigMap. https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

Examples

• kubectl edit -n kube-system configmap/aws-auth
• kubectl describe -n kube-system configmap/aws-auth
• kubectl -n kube-system get configmap aws-auth -o=yaml

Terraform

• Terraform EKS module: create_aws_auth_configmap
• Terraform resource: kubernetes_config_map_v1_data
• manage_aws_auth_configmap

Errors

• The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.
• Your current user or role does not have access to Kubernetes objects on this EKS cluster
• Error: Unauthorized

Activities

• Enabling IAM principal access to your cluster

Related

• eksct create iamidentitymapping
• EKS single sign-on using AWS SSO
• Terraform EKS module: aws_auth_roles
• Amazon EKS authorization
• eksctl get iamidentitymapping --cluster your-eks-cluster
• Error: getting auth ConfigMap: Unauthorized
• kind: ClusterRole
• HelmRoleArn and KubernetesRoleArn
• system:masters, system:serviceaccount:
• kubernetes_config_map

See also

• AWS IAM Authenticator for Kubernetes: aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping, mapUsers:, mapRoles:, mapAccounts:
• EKS RBAC, Amazon EKS authentication, Amazon EKS authorization, aws eks get-token, aws-auth ConfigMap, aws-iam-authenticator, eksctl create iamidentitymapping, eksctl get iamidentitymapping, eks:AccessKubernetesApi, eks-connector, K8s Cluster roles, AmazonEKSAdminPolicy, AmazonEKSClusterAdminPolicy