Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to use IAM Groups? #262

Closed
prestonvanloon opened this issue Sep 2, 2019 · 2 comments
Closed

How to use IAM Groups? #262

prestonvanloon opened this issue Sep 2, 2019 · 2 comments

Comments

@prestonvanloon
Copy link

I have a group ARN that I want to give access to the EKS cluster. How can this be done?
@jclynny
Copy link

jclynny commented Sep 3, 2019

So for some reason, this isn't currently supported natively. EKS only supports users and roles. I made a role and put it into my aws-auth.yml and applied it. Then I made a group that has assume role for that role, then on the role in IAM I added a trust relationship to allow the entire account "root" to assume the role because you can't limit by IAM group, only by IAM user for Principal. At any rate, it took quite a while, but here are some things to get you started on it here:

FWIW, I'm not happy about the solution, but it's still better than managing individual users:

https://aws.amazon.com/premiumsupport/knowledge-center/amazon-eks-cluster-access/

By the way, this was already covered fully in another thread here: #176 (comment)

@prestonvanloon
Copy link
Author

@jclynny thanks for the feedback. I'll close this issue as a duplicate of #176.

This is really surprising and disappointing that groups are not supported!
Groups seem like the natural way to do ACL for users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@prestonvanloon @jclynny