Cluster Access for Multiple AWS Users
It’s common for team members to share a cluster. To allow this, the cluster owner must grant access to each user:
- Get the ARNs and names of users who need access to your cluster.
- Set the Kubernetes context to your Amazon EKS cluster.
- Edit the authorization configuration map for the cluster using the kubectl edit command:
    $ kubectl edit -n kube-system configmap/aws-auth
- Under the mapRoles section, insert the mapUsers section. An example is shown here with the following parameters:
  - The user ARN is arn:aws:iam::012345678901:user/new.user.
  - The user name registered in AWS is new.user.

    …
    mapUsers: |
      - userarn: arn:aws:iam::012345678901:user/new.user
        username: new.user
        groups:
          - system:masters
    …
- For each additional user, insert the - userarn: entry in the mapUsers: section:

    …
    mapUsers: |
      - userarn: arn:aws:iam::012345678901:user/new.user
        username: new.user
        groups:
          - system:masters
      - userarn: arn:aws:iam::901234567890:user/second.user
        username: second.user
        groups:
          - system:masters
    …
- Save the configuration map.
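Every user added this way is placed in system:masters, so it helps to review which IAM users the mapUsers section maps to that group. The following is an added example, not part of the original documentation: the function name masters_users, the third sample user and the view-only group are constructed for illustration, and the parser assumes each entry is laid out as shown above, starting with `- userarn:`.

```shell
#!/bin/sh
# Added example: list IAM users that a mapUsers block maps to system:masters.

# Reads the mapUsers YAML text on stdin and prints "userarn username"
# for every entry whose groups list contains system:masters.
# Assumption: each entry starts with "- userarn:" as in the page's examples.
masters_users() {
  awk '
    function emit() {
      if (arn != "" && admin) print arn, user
      arn = ""; user = ""; admin = 0; ingroups = 0
    }
    { gsub(/"/, "") }                          # tolerate quoted values
    /^[ \t]*-[ \t]*userarn:/ { emit(); arn = $NF; next }
    /^[ \t]*username:/       { user = $NF; ingroups = 0; next }
    /^[ \t]*groups:/         { ingroups = 1; next }
    ingroups && /^[ \t]*-[ \t]*system:masters[ \t]*$/ { admin = 1; next }
    ingroups && !/^[ \t]*-/  { ingroups = 0 }  # groups list has ended
    END { emit() }
  '
}

# Constructed sample: the two users from the page plus one hypothetical
# user mapped to a hypothetical non-admin group.
sample_mapusers() {
  cat <<'EOF'
- userarn: arn:aws:iam::012345678901:user/new.user
  username: new.user
  groups:
    - system:masters
- userarn: arn:aws:iam::901234567890:user/second.user
  username: second.user
  groups:
    - system:masters
- userarn: arn:aws:iam::111111111111:user/readonly.user
  username: readonly.user
  groups:
    - view-only
EOF
}

# Stand-alone run: print the users in the sample that hold system:masters.
sample_mapusers | masters_users
```

Against a live cluster, pipe the output of `kubectl get configmap aws-auth -n kube-system -o jsonpath='{.data.mapUsers}'` into masters_users instead of the sample.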