Installing
aws-iam-authenticator
Amazon EKS uses IAM to provide authentication to your Kubernetes cluster through the
AWS IAM
authenticator for Kuberneteskubectl
client to work with Amazon EKS by installing the AWS IAM authenticator
for Kubernetes and modifying your
kubectl
configuration file to use it for authentication.
If you're running the AWS CLI version 1.16.156 or later, then
you don't need to install the authenticator. Instead, you can use the aws eks
get-token
command. For more information, see Create kubeconfig
manually.
If you're unable to use the AWS CLI version 1.16.156 or later to
create the kubeconfig
file, then you can install the AWS IAM authenticator
for Kubernetes on macOS, Linux, or Windows.
To install
with Homebrewaws-iam-authenticator
The easiest way to install the
is
with Homebrewaws-iam-authenticator
-
If you do not already have Homebrew
installed on your Mac, install it with the following command. /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
-
Install the
aws-iam-authenticator
with the following command.brew install aws-iam-authenticator
-
Test that the
aws-iam-authenticator
binary works.aws-iam-authenticator help
To install
on macOSaws-iam-authenticator
You can also install the AWS-vended version of the
aws-iam-authenticator
by following these steps.
-
Download the Amazon EKS vended
aws-iam-authenticator
binary from Amazon S3 using the command that corresponds to the Region that your cluster is in.-
All Regions other than China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator
-
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator
-
-
(Optional) Verify the downloaded binary with the SHA-256 sum provided in the same bucket prefix.
-
Download the SHA-256 sum for your system using the command that corresponds to the Region that your cluster is in.
-
All Regions other than China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator.sha256
-
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator.sha256
-
-
Check the SHA-256 sum for your downloaded binary.
openssl sha1 -sha256 aws-iam-authenticator
-
Compare the generated SHA-256 sum in the command output against your downloaded
aws-iam-authenticator.sha256
file. The two should match.
-
-
Apply execute permissions to the binary.
chmod +x ./aws-iam-authenticator
-
Copy the binary to a folder in your
$PATH
. We recommend creating a$HOME/bin/aws-iam-authenticator
and ensuring that$HOME/bin
comes first in your$PATH
.mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
-
Add
$HOME/bin
to yourPATH
environment variable.echo 'export PATH=$PATH:$HOME/bin' >> ~/.bash_profile
-
Test that the
aws-iam-authenticator
binary works.aws-iam-authenticator help
To install
on Linuxaws-iam-authenticator
-
Download the Amazon EKS vended
aws-iam-authenticator
binary from Amazon S3 using the command that corresponds to the Region that your cluster is in. To download the Arm version, changeamd64
toarm64
before running the command.-
All Regions other than China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator
-
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator
-
-
(Optional) Verify the downloaded binary with the SHA-256 sum provided in the same bucket prefix.
-
Download the SHA-256 sum for your system using the command that corresponds to the Region that your cluster is in. To download the Arm version, change
<amd64>
toarm64
before running the command.-
All Regions other than China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator.sha256
-
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator.sha256
-
-
Check the SHA-256 sum for your downloaded binary.
openssl sha1 -sha256 aws-iam-authenticator
-
Compare the generated SHA-256 sum in the command output against your downloaded
aws-iam-authenticator.sha256
file. The two should match.
-
-
Apply execute permissions to the binary.
chmod +x ./aws-iam-authenticator
-
Copy the binary to a folder in your
$PATH
. We recommend creating a$HOME/bin/aws-iam-authenticator
and ensuring that$HOME/bin
comes first in your$PATH
.mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
-
Add
$HOME/bin
to yourPATH
environment variable.echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
-
Test that the
aws-iam-authenticator
binary works.aws-iam-authenticator help
To install
on Windows with
Chocolateyaws-iam-authenticator
-
If you do not already have Chocolatey installed on your Windows system, see Installing chocolatey
. -
Open a PowerShell terminal window and install the
aws-iam-authenticator
package with the following command:choco install -y aws-iam-authenticator
-
Test that the
aws-iam-authenticator
binary works.aws-iam-authenticator help
To install
on Windowsaws-iam-authenticator
-
Open a PowerShell terminal window and download the Amazon EKS vended
aws-iam-authenticator
binary from Amazon S3 using the command that corresponds to the Region that your cluster is in.-
All Regions other than China Regions.
curl -o aws-iam-authenticator.exe https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe
-
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.exe https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe
-
-
(Optional) Verify the downloaded binary with the SHA-256 sum provided in the same bucket prefix.
-
Download the SHA-256 sum for your system using the command that corresponds to the Region that your cluster is in.
-
All Regions other than China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe.sha256
-
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe.sha256
-
-
Check the SHA-256 sum for your downloaded binary.
Get-FileHash aws-iam-authenticator.exe
-
Compare the generated SHA-256 sum in the command output against your downloaded SHA-256 file. The two should match, although the PowerShell output will be uppercase.
-
-
Copy the binary to a folder in your
PATH
. If you have an existing directory in your PATH that you use for command line utilities, copy the binary to that directory. Otherwise, complete the following steps.-
Create a new directory for your command line binaries, such as
C:\bin
. -
Copy the
aws-iam-authenticator.exe
binary to your new directory. -
Edit your user or system PATH environment variable to add the new directory to your PATH.
-
Close your PowerShell terminal and open a new one to pick up the new PATH variable.
-
-
Test that the
aws-iam-authenticator
binary works.aws-iam-authenticator help
If you have an existing Amazon EKS cluster, create a kubeconfig
file for that
cluster. For more information, see Create a kubeconfig for
Amazon EKS. Otherwise, see Creating an Amazon EKS cluster to create a new Amazon EKS
cluster.