Manage access - Amazon EKS

Help improve this page

Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.

Manage access

Learn how to manage access to your Amazon EKS cluster. Using Amazon EKS requires knowledge of how both Kubernetes and AWS Identity and Access Management (AWS IAM) handle access control.

This section includes:

Grant access to Kubernetes APIs Learn how to enable applications or users to authenticate to the Kubernetes API. You can use access entries, the aws-auth ConfigMap, or an external OIDC provider.

Creating or updating a kubeconfig file for an Amazon EKS clusterLearn how to configure kubectl to communicate with your Amazon EKS cluster. Use the AWS CLI to create a kubeconfig file.

Grant Kubernetes workloads access to AWS using Kubernetes Service Accounts Learn how to associate a Kubernetes service account with AWS IAM Roles. You can use Pod Identity or IAM Roles for Service Accounts (IRSA).

Common Tasks:

  • Grant developers access to the Kubernetes API. View Kubernetes resources in the AWS Management Console.

    • Solution: Use Access Entries to associate Kubernetes RBAC permissions with AWS IAM Users or Roles.

  • Configure kubectl to talk to an Amazon EKS cluster using AWS Credentials.

  • Use an external identity provider, such as Ping Identity, to authenticate users to the Kubernetes API.

  • Grant workloads on your Kubernetes cluster the ability to call AWS APIs.

    • Solution: Use Pod Identity to associate an AWS IAM Role to a Kubernetes Service Account.