The article explains how to give Cloudaware access to an Amazon EKS cluster so that it can discover EKS resources automatically.
Access entries
Use access entries to manage the Kubernetes permissions of IAM principals from outside the cluster. Use the AWS documentation to ensure that:
The cluster meets one of the requirements for using access entries (platform/Kubernetes versions).
Access entries are enabled as a cluster authentication mode in AWS.
Existing aws-auth ConfigMap entries are migrated to access entries (optional).
aws-auth ConfigMap (legacy)
All clusters created before the introduction of access entries have the ConfigMap method enabled. Use the aws-auth ConfigMap to provide Cloudaware with access to the Kubernetes cluster.
Full access
Ensure you have access to the cluster and are authorized to make changes.
1. Open the aws-auth ConfigMap:
```
kubectl edit -n kube-system configmap/aws-auth
```
...
ClusterRole cloudaware-reader grants read access to all resources within the cluster.
ClusterRoleBinding cloudaware-binding maps the aforementioned cluster role to the Cloudaware user.
2. Run the following command:
...
<CLOUDAWARE_ROLE_ARN> in rolearn is a placeholder that needs to be replaced by your Cluster Role ARN.
To locate your Cloudaware IAM role ARN, log in to your Cloudaware account → Admin. Go to Amazon Organizations & Accounts → the Accounts tab. Locate the AWS account where access to EKS should be granted → click SEE ALL in the column 'Connected Identities':
...
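Once the ClusterRole cloudaware-reader described above is applied, its rules can be audited from the output of `kubectl get clusterrole cloudaware-reader -o json` to confirm that it is read-only. The following is an added example, not Cloudaware's code: the function name audit_cluster_role and the sample rules are assumptions constructed for illustration. It also reports whether the role can read Secrets, which read access to all resources includes.

```python
import json

READ_VERBS = {"get", "list", "watch"}

# Constructed sample: the shape `kubectl get clusterrole cloudaware-reader -o json`
# returns for a read-everything role. The rule contents are an assumption.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "cloudaware-reader"},
  "rules": [
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "list", "watch"]},
    {"nonResourceURLs": ["*"], "verbs": ["get"]}
  ]
}
""")


def audit_cluster_role(role):
    """Return (write_findings, reads_secrets) for a ClusterRole object."""
    write_findings = []
    reads_secrets = False
    for index, rule in enumerate(role.get("rules") or []):
        verbs = set(rule.get("verbs", []))
        extra = sorted(verbs - READ_VERBS)
        if extra:
            # "*" lands here too: a wildcard verb includes create/update/delete.
            write_findings.append((index, extra))
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        # Secrets live in the core API group (""), which "*" also matches.
        in_core = bool(groups & {"", "*"})
        names_secrets = bool(resources & {"*", "secrets"})
        # Secret values are exposed by any read verb.
        if in_core and names_secrets and verbs & (READ_VERBS | {"*"}):
            reads_secrets = True
    return write_findings, reads_secrets


if __name__ == "__main__":
    writes, secrets = audit_cluster_role(SAMPLE_ROLE)
    print("non-read verbs:", writes or "none")
    print("can read Secrets:", secrets)
```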