...
1.2 Add CloudAware IAM role to the ConfigMap.
a. To locate the CloudAware IAM role ARN, log in to your Cloudaware account → Admin (under your username in the upper right corner) → Amazon accounts → locate the AWS account where access to EKS should be granted → click SEE ALL in the 'Connected Identities' column:
...
b. To add an IAM role, add the role details to the mapRoles section of the ConfigMap, under data. Use the section below if it is not already present in the file:
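```yaml
# aws-auth maps IAM roles to Kubernetes users and groups.
# Replace <CLOUDAWARE_ROLE_ARN> with the ARN located in step a.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: <CLOUDAWARE_ROLE_ARN>
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:masters
```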
...
rolearn - the ARN of the IAM role to be added
username - the username within Kubernetes to be mapped to the IAM role
groups - a list of groups within Kubernetes to which the role is mapped. Read Default Roles and Role Bindings in the Kubernetes documentation for more information.
2. In case you would like to grant read-only access for Cloudaware, allowing creation of ClusterRole and ClusterRoleBinding in Kubernetes, use the section below:
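The system:masters group used in the mapping above is bound to the cluster-admin role by default, so it is worth knowing exactly which IAM roles a cluster's mapRoles section places in it. The shell function below is an added example, not Cloudaware's or AWS's code; it parses mapRoles text and lists every entry mapped to system:masters. The role ARNs in the sample are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list aws-auth mapRoles entries that are mapped to system:masters.
# On a live cluster, pipe in the output of:
#   kubectl -n kube-system get configmap aws-auth -o jsonpath='{.data.mapRoles}'

audit_maproles() {   # reads mapRoles YAML on stdin, prints "<rolearn><TAB><username>"
  awk '
    function val(s) {   # text after the first "key:", quotes and trailing blanks removed
      sub(/^[^:]*:[ \t]*/, "", s); gsub(/"|[ \t]+$/, "", s); return s
    }
    function flush() {  # emit the finished entry if it was mapped to system:masters
      if (arn != "" && admin) printf "%s\t%s\n", arn, user
      arn = ""; user = ""; admin = 0; in_groups = 0
    }
    { line = $0; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }
    # "- rolearn:" (or another known key) opens a new mapping entry
    line ~ /^-[ \t]+(rolearn|username|groups):/ { flush(); sub(/^-[ \t]+/, "", line) }
    line ~ /^rolearn:/  { arn = val(line); in_groups = 0; next }
    line ~ /^username:/ { user = val(line); in_groups = 0; next }
    # groups may be given inline, e.g. groups: [system:masters]
    line ~ /^groups:/   { in_groups = 1; if (line ~ /system:masters/) admin = 1; next }
    in_groups && line ~ /^-/ {
      g = line; sub(/^-[ \t]*/, "", g); gsub(/"|[ \t]+$/, "", g)
      if (g == "system:masters") admin = 1
      next
    }
    { in_groups = 0 }
    END { flush() }
  '
}

sample_maproles() {  # constructed sample: ARNs and role names are placeholders
  cat <<'EOF'
- rolearn: arn:aws:iam::111122223333:role/example-node-role
  username: system:node:{{EC2PrivateDNSName}}
  groups:
    - system:bootstrappers
    - system:nodes
- rolearn: arn:aws:iam::111122223333:role/example-inventory-role
  username: system:node:{{EC2PrivateDNSName}}
  groups:
    - system:masters
EOF
}

sample_maproles | audit_maproles
```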
...