AwsAuth

class aws_cdk.aws_eks.AwsAuth(scope, id, *, cluster)

Bases: Construct

Manages mapping between IAM users and roles to Kubernetes RBAC configuration.

See:

https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_eks as eks

# cluster: eks.Cluster

aws_auth = eks.AwsAuth(self, "MyAwsAuth",
    cluster=cluster
)
Parameters:

  • scope (Construct) –

  • id (str) –

  • cluster (Cluster) – The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface]

Methods

add_account(account_id)

Additional AWS account to add to the aws-auth configmap.

Parameters:

account_id (str) – account number.

Return type:

None

add_masters_role(role, username=None)

Adds the specified IAM role to the system:masters RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system.

Parameters:

  • role (IRole) – The IAM role to add.

  • username (Optional[str]) – Optional user (defaults to the role ARN).

Return type:

None

add_role_mapping(role, *, groups, username=None)

Adds a mapping between an IAM role to a Kubernetes user and groups.

Parameters:

  • role (IRole) – The IAM role to map.

  • groups (Sequence[str]) – A list of groups within Kubernetes to which the role is mapped.

  • username (Optional[str]) – The user name within Kubernetes to map to the IAM role. Default: - By default, the user name is the ARN of the IAM role.

Return type:

None

add_user_mapping(user, *, groups, username=None)

Adds a mapping between an IAM user to a Kubernetes user and groups.

Parameters:

  • user (IUser) – The IAM user to map.

  • groups (Sequence[str]) – A list of groups within Kubernetes to which the role is mapped.

  • username (Optional[str]) – The user name within Kubernetes to map to the IAM role. Default: - By default, the user name is the ARN of the IAM role.

Return type:

None

to_string()

Returns a string representation of this construct.

Return type:

str

Attributes

node

The tree node.

Static Methods

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Construct.