Installing
aws-iam-authenticator
Amazon EKS uses IAM to provide authentication to your Kubernetes cluster through the
AWS IAM
authenticator for Kuberneteskubectl
client to work with Amazon EKS by installing the AWS IAM authenticator
for Kubernetes and modifying your
kubectl
configuration file to use it for authentication.
If you're running the AWS CLI version 1.16.156 or later, then
you don't need to install the authenticator. Instead, you can use the aws eks
get-token command. For more information, see Create kubeconfig
manually.
If you're unable to use the AWS CLI version 1.16.156 or later to
create the kubeconfig file, then you can install the AWS IAM authenticator
for Kubernetes on macOS, Linux, or Windows.
To install
aws-iam-authenticator
The easiest way to install the aws-iam-authenticator
-
If you do not already have Homebrew
installed on your Mac, install it with the following command. /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" -
Install the
aws-iam-authenticatorwith the following command.brew install aws-iam-authenticator -
Test that the
aws-iam-authenticatorbinary works.aws-iam-authenticator help
To install aws-iam-authenticator
You can also install the AWS-vended version of the
aws-iam-authenticator by following these steps.
-
Download the Amazon EKS vended
aws-iam-authenticatorbinary from Amazon S3 using the command that corresponds to the Region that your cluster is in.-
All Regions other than China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator -
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator
-
-
(Optional) Verify the downloaded binary with the SHA-256 sum provided in the same bucket prefix.
-
Download the SHA-256 sum for your system using the command that corresponds to the Region that your cluster is in.
-
All Regions other than China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator.sha256 -
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/darwin/amd64/aws-iam-authenticator.sha256
-
-
Check the SHA-256 sum for your downloaded binary.
openssl sha1 -sha256 aws-iam-authenticator -
Compare the generated SHA-256 sum in the command output against your downloaded
aws-iam-authenticator.sha256file. The two should match.
-
-
Apply execute permissions to the binary.
chmod +x ./aws-iam-authenticator -
Copy the binary to a folder in your
$PATH. We recommend creating a$HOME/bin/aws-iam-authenticatorand ensuring that$HOME/bincomes first in your$PATH.mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin -
Add
$HOME/binto yourPATHenvironment variable.echo 'export PATH=$PATH:$HOME/bin' >> ~/.bash_profile -
Test that the
aws-iam-authenticatorbinary works.aws-iam-authenticator help
To install
aws-iam-authenticator
-
Download the Amazon EKS vended
aws-iam-authenticatorbinary from Amazon S3 using the command that corresponds to the Region that your cluster is in. To download the Arm version, changeamd64toarm64before running the command.-
All Regions other than China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator -
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator
-
-
(Optional) Verify the downloaded binary with the SHA-256 sum provided in the same bucket prefix.
-
Download the SHA-256 sum for your system using the command that corresponds to the Region that your cluster is in. To download the Arm version, change
<amd64>toarm64before running the command.-
All Regions other than China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator.sha256 -
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/linux/amd64/aws-iam-authenticator.sha256
-
-
Check the SHA-256 sum for your downloaded binary.
openssl sha1 -sha256 aws-iam-authenticator -
Compare the generated SHA-256 sum in the command output against your downloaded
aws-iam-authenticator.sha256file. The two should match.
-
-
Apply execute permissions to the binary.
chmod +x ./aws-iam-authenticator -
Copy the binary to a folder in your
$PATH. We recommend creating a$HOME/bin/aws-iam-authenticatorand ensuring that$HOME/bincomes first in your$PATH.mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin -
Add
$HOME/binto yourPATHenvironment variable.echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc -
Test that the
aws-iam-authenticatorbinary works.aws-iam-authenticator help
To install
aws-iam-authenticator
-
If you do not already have Chocolatey installed on your Windows system, see Installing chocolatey
. -
Open a PowerShell terminal window and install the
aws-iam-authenticatorpackage with the following command:choco install -y aws-iam-authenticator -
Test that the
aws-iam-authenticatorbinary works.aws-iam-authenticator help
To install aws-iam-authenticator
-
Open a PowerShell terminal window and download the Amazon EKS vended
aws-iam-authenticatorbinary from Amazon S3 using the command that corresponds to the Region that your cluster is in.-
All Regions other than China Regions.
curl -o aws-iam-authenticator.exe https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe -
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.exe https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe
-
-
(Optional) Verify the downloaded binary with the SHA-256 sum provided in the same bucket prefix.
-
Download the SHA-256 sum for your system using the command that corresponds to the Region that your cluster is in.
-
All Regions other than China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe.sha256 -
Beijing and Ningxia China Regions.
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3.cn-north-1.amazonaws.com.cn/1.18.9/2020-11-02/bin/windows/amd64/aws-iam-authenticator.exe.sha256
-
-
Check the SHA-256 sum for your downloaded binary.
Get-FileHash aws-iam-authenticator.exe -
Compare the generated SHA-256 sum in the command output against your downloaded SHA-256 file. The two should match, although the PowerShell output will be uppercase.
-
-
Copy the binary to a folder in your
PATH. If you have an existing directory in your PATH that you use for command line utilities, copy the binary to that directory. Otherwise, complete the following steps.-
Create a new directory for your command line binaries, such as
C:\bin. -
Copy the
aws-iam-authenticator.exebinary to your new directory. -
Edit your user or system PATH environment variable to add the new directory to your PATH.
-
Close your PowerShell terminal and open a new one to pick up the new PATH variable.
-
-
Test that the
aws-iam-authenticatorbinary works.aws-iam-authenticator help
If you have an existing Amazon EKS cluster, create a kubeconfig file for that
cluster. For more information, see Create a kubeconfig for
Amazon EKS. Otherwise, see Creating an Amazon EKS cluster to create a new Amazon EKS
cluster.
