Info

This article explains how to give Cloudaware access to an Amazon EKS cluster so that it can discover EKS resources automatically.

Because AWS does not manage credentials for the API inside a cluster, the Cloudaware Collector IAM role must be manually granted read access to the Kubernetes API at the cluster level. Cloudaware will then be able to retrieve EKS nodes, pods and other details. Read more

...

(pods, nodes, etc) automatically. Read more


...

Access entries

Use EKS access entries to manage the Kubernetes permissions of IAM principals from outside the cluster.

The cluster must meet one of the following requirements: a platform version equal to or later than those listed in the table below, or a Kubernetes version equal to or newer than those listed. Read more

| Kubernetes version | Platform version |
|--------------------|------------------|
| 1.30               | eks.2            |
| 1.29               | eks.1            |
| 1.28               | eks.6            |
| 1.27               | eks.10           |
| 1.26               | eks.11           |
| 1.25               | eks.12           |
| 1.24               | eks.15           |
| 1.23               | eks.17           |

To begin using access entries, change the authentication mode of the cluster to either API_AND_CONFIG_MAP or API. Note that once the access entry method is enabled, it cannot be disabled. Read more

Migrate existing aws-auth ConfigMap entries to access entries. Read more

aws-auth ConfigMap (legacy)

...

Use the aws-auth ConfigMap to manage the Kubernetes permissions of IAM principals from inside the cluster. To do so, give Cloudaware read access to the Kubernetes API at the cluster level using the Cloudaware Collector IAM role.

Full access

1. Ensure that the AWS credentials that kubectl is using are already authorized for your cluster (the IAM user who created the cluster has the required permissions by default). Open the aws-auth:

...

groups - a list of Kubernetes groups to which the role is mapped (doesn't require changes). See Default Roles and Role Bindings for more information.

Read-only access

To grant Cloudaware read-only access, create a ClusterRole and a ClusterRoleBinding in Kubernetes:

...

Make sure not to remove the existing mappings in the mapRoles and/or mapUsers sections. You only need to append a role for Cloudaware.
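
As an added illustration (not Cloudaware's published manifest), a read-only setup of this kind can look like the following: a ClusterRole limited to read verbs, a ClusterRoleBinding to a group, and the mapRoles entry that places the Collector role in that group. The names cloudaware-read-only and cloudaware, the account ID, the role name and the exact resource list are assumptions to replace with your own values.

```yaml
# Added example. Every name marked "placeholder" is an assumption.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudaware-read-only            # placeholder name
rules:
  # Read verbs only: no create, update, patch or delete.
  # The resource list is an assumption; extend it to what discovery needs.
  - apiGroups: [""]
    resources: ["nodes", "pods", "namespaces", "services"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  # "secrets" is deliberately not listed: get/list on secrets returns
  # their contents, so a wildcard resource rule would not be read-only
  # in any meaningful sense.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-read-only            # placeholder name
subjects:
  - kind: Group
    name: cloudaware-read-only          # placeholder group, referenced below
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cloudaware-read-only
  apiGroup: rbac.authorization.k8s.io
---
# Fragment only: append this item to the existing mapRoles list in the
# aws-auth ConfigMap (kube-system namespace). Do not apply it as a
# standalone manifest, and keep every mapping that is already there.
- rolearn: arn:aws:iam::111122223333:role/CLOUDAWARE_COLLECTOR_ROLE  # placeholder ARN
  username: cloudaware                  # placeholder username
  groups:
    - cloudaware-read-only              # must match the Group subject above
```

After applying, `kubectl auth can-i list pods --as=cloudaware --as-group=cloudaware-read-only` should answer yes, and the same check with `delete pods` or `get secrets` should answer no.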

Further Configuration

Note

If your Amazon EKS cluster is running in a private network, check this guide to install the Cloudaware Breeze agent for a secure connection.