Difference between revisions of "Aws-auth configMap"

AWS IAM Authenticator for Kubernetes get information from aws-auth ConfigMap. https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

Examples[edit]

• kubectl edit -n kube-system configmap/aws-auth
• kubectl describe -n kube-system configmap/aws-auth
• kubectl -n kube-system get configmap aws-auth -o=yaml

Terraform[edit]

• Terraform EKS module: create_aws_auth_configmap, manage_aws_auth_configmap
• Terraform resource: kubernetes_config_map_v1_data

Errors[edit]

• The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.
• Your current user or role does not have access to Kubernetes objects on this EKS cluster
• Error: Unauthorized

Activities[edit]

• Enabling IAM principal access to your cluster

Related[edit]

• eksct create iamidentitymapping
• EKS single sign-on using AWS SSO
• Terraform EKS module: aws_auth_roles
• Amazon EKS authorization
• eksctl get iamidentitymapping --cluster your-eks-cluster
• Error: getting auth ConfigMap: Unauthorized
• kind: ClusterRole
• HelmRoleArn and KubernetesRoleArn
• system:masters, system:serviceaccount:
• kubernetes_config_map
• kubectl get configmap -n kube-system
• service-account-controller
• kubectl get clusterroles
• cluster_endpoint_public_access

See also[edit]

• AWS IAM Authenticator for Kubernetes: aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping, mapUsers:, mapRoles:, mapAccounts:
• EKS RBAC, Amazon EKS authentication, Amazon EKS authorization, aws eks get-token, aws-auth ConfigMap, aws-iam-authenticator, eksctl create iamidentitymapping, eksctl get iamidentitymapping, eks:AccessKubernetesApi, eks-connector, K8s Cluster roles, AmazonEKSAdminPolicy, AmazonEKSClusterAdminPolicy
• Kubernetes Authentication, kubectl create serviceaccount, kubectl get serviceaccounts, CertificateSigningRequest, aws-auth, bearer tokens, EKS Authentication