- Newest
- Most votes
- Most comments
To fix this, you'll need to ensure that the IAM role associated with the "PowerDevelopers" group has the right permissions for EKS access. This might involve modifying the existing PowerUserAccess policy or creating a custom policy that grants the required permissions.
Once you've updated the permissions, test access again to make sure users in the "PowerDevelopers" group can now list pods and other resources without any errors.
Remember to regularly review and update IAM policies to ensure users have the appropriate permissions for their roles.
By following these steps, you should be able to resolve the permissions issue and allow smooth access to resources in your EKS cluster for your "PowerDevelopers" group. If you need further assistance, consider reaching out to AWS support for guidance.
I logged a support ticket with AWS, seems the answer is this:
https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html#creating-access-entries
So in my particular example it was:
Console > EKS > Cluster > Access (This is in the middle on the tabs bar) > IAM Access Entries > Create Access Entry.
Then within the menu here:
IAM Principle ARN: this would be AWSReservedSSO_PowerDeveloperAccess_uniqueid
I presume if your doing it via AWS CLI you can follow the CLI instructions and may need to full arn.
Type: Standard
Add any tags if you wish
Then select next add the policy you wish to apply and the access scope and test on the PowerDeveloper Role.
Relevant content
- asked 2 years ago
- asked a year ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 months ago