Authorise IAM user for all EKS clusters in an AWS account

1

We need to monitor nodes and pods in all clusters. To get this information, IAM user should be authorised using ClusterRoleBinding. As per our understanding, ClusterRoleBinding needs to be applied for every cluster in EKS separately to get access to a cluster for a specific IAM user. It also requires us to keep a watch on new cluster creation as authorisation needs to be done for new cluster as soon as it's added. This is very cumbersome. Is there any way by which an IAM user can be authorised for all EKS clusters in an AWS account in one step? Also, this user should get access to newly created clusters.

1 Answer
2
Accepted Answer

Hi,

The only way would be to automate the modification of the particular config file that modifies the aws-auth ConfigMap adding the particular user/role. For example if you are using CDK you can use the class AwsAuth to add roles/users at the cluster creation time. Here is an alternative with terraform.

If all the clusters are created with the same user/role, you could also create a recurrent tasks that lists all the EKS clusters and checks & modifies all the cluster to be compliant with the current IAM access allow.

Hope this helps!

AWS
answered 2 years ago
profile picture
EXPERT
reviewed 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions