aws-auth configMap
AWS IAM Authenticator for Kubernetes get information from aws-auth
ConfigMap.
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
Examples
kubectl edit -n kube-system configmap/aws-auth
kubectl describe -n kube-system configmap/aws-auth
kubectl -n kube-system get configmap aws-auth -o=yaml
Terraform
- Terraform EKS module:
create_aws_auth_configmap
- Terraform resource:
kubernetes_config_map_v1_data
manage_aws_auth_configmap
Errors
The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.
Your current user or role does not have access to Kubernetes objects on this EKS cluster
- Error: Unauthorized
Activities
Related
eksct create iamidentitymapping
- EKS single sign-on using AWS SSO
- Terraform EKS module:
aws_auth_roles
- Amazon EKS authorization
eksctl get iamidentitymapping --cluster your-eks-cluster
Error: getting auth ConfigMap: Unauthorized
kind: ClusterRole
HelmRoleArn
andKubernetesRoleArn
system:masters, system:serviceaccount:
kubernetes_config_map
kubectl get configmap -n kube-system
- service-account-controller
- kubectl get clusterroles
See also
- AWS IAM Authenticator for Kubernetes:
aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping
,mapUsers:, mapRoles:, mapAccounts:
- EKS RBAC, Amazon EKS authentication, Amazon EKS authorization,
aws eks get-token, aws-auth ConfigMap, aws-iam-authenticator, eksctl create iamidentitymapping, eksctl get iamidentitymapping, eks:AccessKubernetesApi, eks-connector
, K8s Cluster roles,AmazonEKSAdminPolicy
,AmazonEKSClusterAdminPolicy
- Kubernetes Authentication,
kubectl create serviceaccount, kubectl get serviceaccounts, CertificateSigningRequest, aws-auth
, bearer tokens, EKS Authentication
Advertising: