EKS Access for an IAM User

How to create an IAM user to access an EKS cluster

STEP 1: Create an IAM user from the AWS Console

  1. Sign into the AWS Management Console and open the IAM console: https://console.aws.amazon.com/iam/.

  2. In the navigation panel, choose "Users", and then choose "Add User".

  3. Type the username for the new user. This is the same as the sign-in name for AWS.

  4. Select the type of access that this set of users will have.

  5. Create the user (without any permission boundary).

  6. Provide the required tags (optional).

  7. Click on "Create User".

  8. Download the .csv file that has the Access ID and Secret Key for the new user.

STEP 2: Create a policy for the IAM user

  1. Sign in to the AWS Management Console and open the IAM console: https://console.aws.amazon.com/iam/.

  2. In the navigation panel on the left, choose "Policies".

  3. Choose "Create Policy".

  4. Choose the "JSON" tab.

  5. Type or paste a JSON policy document to allow access for a particular EKS cluster:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "<ACTIONS NOT SHOWN ON THIS PAGE>"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": "EKS Cluster ARN Value"
        }
    ]
}

👀 Note: You can get the cluster ARN value from the EKS section.

  1. Choose the "Elastic Kubernetes Service".

  2. Click on the cluster under the "Amazon EKS" section.

  3. Select the cluster.

  4. Click on the "Configuration" tab, and get the ARN value.

  6. When you are finished, choose "Next: Tags".

  7. On the "Review Policy" page, type a name and a description (optional) for the policy that you are creating.

  8. Review the policy summary to see the permissions that are granted by your policy, then choose "Create policy" to save your work.
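
One way to sanity-check the policy document before pasting it into the JSON tab, as an added example (not part of the original guide): it flags an "eks:*" grant on Resource "*" and a Resource that is not a single cluster ARN, such as the placeholder left unfilled. The function names, the sample policy and the account ID in it are constructed for illustration.

```python
import json
import re

# Format of an EKS cluster ARN: arn:<partition>:eks:<region>:<account-id>:cluster/<name>
CLUSTER_ARN = re.compile(
    r"^arn:aws[a-z-]*:eks:[a-z0-9-]+:\d{12}:cluster/[A-Za-z0-9][A-Za-z0-9_-]*$"
)

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def review_policy(policy_json):
    """Return (sid, finding) tuples for Allow statements that grant EKS actions."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given without a list
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement[{index}]")
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        eks_actions = [a for a in actions if a == "*" or a.startswith("eks:")]
        if stmt.get("Effect") != "Allow" or not eks_actions:
            continue
        broad = [a for a in eks_actions if "*" in a]  # wildcard grants such as eks:*
        for resource in as_list(stmt.get("Resource")):
            if resource == "*" and broad:
                findings.append((sid, f"{broad[0]} allowed on every cluster"))
            elif resource != "*" and not CLUSTER_ARN.match(resource):
                findings.append((sid, f"not a single EKS cluster ARN: {resource!r}"))
    return findings

# Constructed sample: the guide's second statement with the placeholder left in,
# a statement pairing eks:* with a wildcard resource, and a correctly scoped one.
SAMPLE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Unfilled", "Effect": "Allow", "Action": "eks:*",
     "Resource": "EKS Cluster ARN Value"},
    {"Sid": "TooWide", "Effect": "Allow", "Action": "eks:*", "Resource": "*"},
    {"Sid": "Scoped", "Effect": "Allow", "Action": "eks:*",
     "Resource": "arn:aws:eks:us-east-1:111122223333:cluster/demo"}
  ]
}"""

if __name__ == "__main__":
    for sid, finding in review_policy(SAMPLE):
        print(f"{sid}: {finding}")
```

An empty result means every EKS grant in the document is tied to one named cluster; a non-wildcard action on Resource "*" is not flagged.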

STEP 3: Attach the policy to the user

  1. Go to "IAM Services". In the navigation panel, select the users to which you need to assign the permissions.

  2. Click on "Attach Policy" and choose the newly created policy, then click on "Attach Permission".


STEP 4: Add the newly created user in the EKS cluster through CloudFormation

  1. Go to CloudFormation services, and choose the Atlan Stack.

  2. Update the stack.

  3. Use the current template, and click on "Next".

  4. Provide the user ARN in the AWS IAM User ARN to access the EKS cluster through the Kubectl section.

  5. Click on "Next", then "Update", then "Finish".

👀 Note: If the update fails for the "LicensevalidateLambda" stack, then update the main stack and select the "Replace current template" option. For the template URL, use https://atlan.s3.amazonaws.com/deploy/cf/templates/main.yaml

STEP 5: Connect to the running EKS cluster

  1. To set up the AWS CLI, run this command, then provide the Access ID and Secret Key of the IAM user with access to the EKS cluster.

$ aws configure

  2. Run the following command to get the kubeconfig:

$ aws eks update-kubeconfig --region <EKS_REGION> --name <EKS_CLUSTER_NAME>

  3. Verify the cluster:

$ kubectl cluster-info