EKS Access for an IAM User

This guide creates an IAM user and gives it access to an EKS cluster.

STEP 1: Creating an IAM user from the AWS Console

a. Sign in to the AWS Management Console and open the IAM console - https://console.aws.amazon.com/iam/.

b. In the navigation panel, choose Users and then choose Add User.

c. Type the username for the new user. This is the same as the sign-in name for AWS.

d. Select the type of access this set of users will have.

e. Create the user without any permission boundary.

f. Provide the required tags (optional).

g. Click on Create User.

h. Download the .csv file, which contains the access key and secret key for the new user. The secret key cannot be retrieved again after this page is closed, so store the file securely.

STEP 2: Creating a Policy for IAM User.

a. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

b. In the navigation panel on the left, choose Policies.

c. Choose Create policy.

d. Choose the JSON tab.

e. Type or paste a JSON policy document that allows access to a particular EKS cluster.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "eks:ListClusters",
        "eks:DescribeAddonVersions",
        "eks:CreateCluster"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "eks:*",
      "Resource": "EKS Cluster ARN Value"
    }
  ]
}

Note: We can get the cluster ARN value from the EKS section of the console (steps a to d below); steps e and f then finish creating the policy.

a. Choose the Elastic Kubernetes Service.

b. Click on the cluster under the Amazon EKS section.

c. Select the cluster.

d. Click on the Configuration tab and get the ARN value.

e. When you are finished, choose Next: Tags.

f. On the Review policy page, type a Name and a Description (optional) for the policy that you are creating. Review the policy Summary to see the permissions that are granted by your policy. Then choose Create policy to save your work.
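
As an added example (not part of the original guide), the following Python script reviews the policy from step 2e before it is saved: it flags non-read actions granted on "Resource": "*", wildcard actions, and a Resource value that is not a well-formed EKS cluster ARN. The function names, finding labels and the sample ARN (account 111122223333, cluster example-cluster) are constructed for illustration.

```python
import json
import re

# arn:<partition>:eks:<region>:<12-digit account>:cluster/<name>
CLUSTER_ARN = re.compile(
    r"^arn:aws[a-z-]*:eks:[a-z0-9-]+:\d{12}:cluster/[A-Za-z0-9][A-Za-z0-9_-]{0,99}$")
READ_ONLY = ("eks:list", "eks:describe")  # prefixes this check treats as read-only


def as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def page_policy(cluster_resource):
    """The policy from step 2e, with the second statement's Resource filled in."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
         "Action": ["eks:ListClusters", "eks:DescribeAddonVersions", "eks:CreateCluster"]},
        {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "eks:*",
         "Resource": cluster_resource}]})


def review_policy(policy_json):
    """Return (sid, finding, value) for each Allow grant wider than one cluster."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = as_list(stmt.get("Action", []))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":  # applies to every cluster in the account
                findings += [(sid, "non-read-action-on-all-resources", a)
                             for a in actions if not a.lower().startswith(READ_ONLY)]
            elif not CLUSTER_ARN.match(resource):
                findings.append((sid, "not-a-cluster-arn", resource))
        findings += [(sid, "wildcard-action", a) for a in actions if "*" in a]
    return findings


if __name__ == "__main__":
    # Constructed sample ARN; the account ID and cluster name are placeholders.
    sample = "arn:aws:eks:us-east-1:111122223333:cluster/example-cluster"
    for arn in ("EKS Cluster ARN Value", sample):
        print(arn, "->", review_policy(page_policy(arn)))
```

With a real cluster ARN filled in, the remaining findings are eks:CreateCluster on every resource and eks:* on the cluster; trim either one if the user only needs kubectl access.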

STEP 3: Attach the policy to a user.

a. Go to IAM Services and in the navigation panel, select the user to which we need to assign the permissions.

b. Click on Attach Policy and choose the newly created policy. Click on Attach Permission.

STEP 4: Add the newly created user to the EKS cluster through CloudFormation.

a. Go to the CloudFormation service and choose the Atlan stack.

b. Update the stack.

c. Use the current template and click on Next.

d. Provide the user ARN in the "AWS IAM User ARN to access EKS cluster through Kubectl" section.

e. Click on Next > Update > Finish.

STEP 5: Connecting to the running EKS cluster.

a. To set up the AWS CLI, run this command and provide the Access ID and Secret Key of the IAM user that has access to the EKS cluster.

$ aws configure

b. Run the following command to get the kubeconfig.

$ aws eks update-kubeconfig --region <EKS_REGION> --name <EKS_CLUSTER_NAME>

c. Verify the cluster.

$ kubectl cluster-info