Controlling EKS access with AWS IAM
Scenario
Existing KOPS cluster running for over a year
Cluster access managed by a Slack bot which creates a Kubernetes role behind the scenes
Access is time based
Problems
No single source of truth for users
If someone leaves the organization, you may have to manually delete access
If your config expires, you have to generate a new one (not a big pain, but what if we could avoid it?)
Not enough problems?
Let's move to EKS!
New problems? (or a solution)
Access is managed via aws-iam-authenticator using AWS IAM
Each user's IAM Role must be added to the aws-auth ConfigMap in the kube-system namespace
What if we sync AWS IAM with EKS auth?
A solution for all the problems...?
Let's create
iam-eks-user-mapper
github.com/MindTickle/iam-eks-user-mapper
What can it do
Sync Kubernetes roles with AWS IAM groups
Support for multi AWS account setup
Give different access levels to different IAM groups
All EKS auth synced with AWS IAM
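The sync idea above, as an added sketch that is not iam-eks-user-mapper's own code: it rebuilds the mapUsers entries of the aws-auth ConfigMap from IAM group membership and reports whose access the sync revokes. The group names, account IDs, ARNs, the IAM-group-to-Kubernetes-group mapping and the account-qualified username format are all assumptions made for illustration.

```python
# Added example: rebuild aws-auth mapUsers from IAM group membership.
# All ARNs, account IDs and group names below are constructed.

# Assumed mapping: IAM group name -> Kubernetes groups it is granted.
GROUP_ACCESS = {
    "eks-admins": ["system:masters"],
    "eks-developers": ["developers"],
}

# Constructed IAM group membership across two AWS accounts.
IAM_GROUPS = {
    "eks-admins": ["arn:aws:iam::111122223333:user/alice"],
    "eks-developers": [
        "arn:aws:iam::111122223333:user/alice",
        "arn:aws:iam::444455556666:user/bob",
    ],
    "billing": ["arn:aws:iam::111122223333:user/dave"],  # no cluster access
}

# Constructed current mapUsers content; carol has since left every IAM group.
CURRENT = [
    {"userarn": "arn:aws:iam::111122223333:user/carol",
     "username": "111122223333:carol", "groups": ["system:masters"]},
]


def desired_map_users(iam_groups, group_access):
    """Return mapUsers entries (userarn/username/groups) for mapped IAM groups."""
    merged = {}
    for group, arns in iam_groups.items():
        for arn in arns:
            merged.setdefault(arn, set()).update(group_access.get(group, []))
    entries = []
    for arn, k8s_groups in sorted(merged.items()):
        if not k8s_groups:
            continue  # member of unmapped IAM groups only: no entry at all
        account = arn.split(":")[4]
        name = arn.rsplit("/", 1)[-1]
        # Account-qualified username avoids collisions between accounts.
        entries.append({"userarn": arn, "username": f"{account}:{name}",
                        "groups": sorted(k8s_groups)})
    return entries


def reconcile(current, iam_groups, group_access=GROUP_ACCESS):
    """Return (new mapUsers list, ARNs whose access is revoked by the sync)."""
    desired = desired_map_users(iam_groups, group_access)
    keep = {e["userarn"] for e in desired}
    revoked = sorted(e["userarn"] for e in current if e["userarn"] not in keep)
    return desired, revoked
```

Because the desired list is derived only from IAM, a user removed from every mapped group drops out of aws-auth on the next run, and the revoked list gives an audit trail of who lost access.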
Thank You
@yashm95
Devops @
Yash Mehrotra
Controlling EKS access with AWS IAM
By Yash Mehrotra
Source:
Monica Gangwar