The general overview for what this tool does can be found here: https://ygrene.tech/mapping-iam-groups-to-eks-user-access-66fd745a6b77
- Have an AWS IAM Group with users that you want to have access to your EKS cluster (https://console.aws.amazon.com/iam/home?#/groups)
- Create a new IAM User with an IAM ReadOnly policy
- Replace the `ACCESS_KEY_ID` environment variable in `kubernetes/deployment.yaml` with your newly generated user's access key ID
- Replace the `awsKey:` variable in `deployment/secret.yaml` with the base64 contents of your generated user's secret access key

  `$ echo -n "secretkey" | base64`
- Update the `AWS_REGION` environment variable in `kubernetes/deployment.yaml` if your EKS cluster isn't running in `us-west-2`
- Edit the `command:` in `kubernetes/deployment.yaml` with both the IAM group name you want to provide access to and the Kubernetes group each user in the group should be mapped to. (There is an example in the manifest already.)
- Finally:

  `$ kubectl apply -f kubernetes/`
- Rejoice, now user management will be a bit easier.
Raise a PR or file an issue, I'd love to help!