IAM policy for managing EKS pods for users

Question

Does anyone know what resources need to be granted to a user in order to run kubectl commands on an EKS cluster?

At the moment, we have a couple of users who are associated with AdministratorAccess (which obviously gives them full access), but I want certain users to just be able to run things like:

kubectl get pods / delete pod / describe pod etc..

They shouldn't be able to manage the worker nodes at all.

Most of the documentation I see around EKS and IAM is to do with configuring EKS to have access to AWS resources, not users having access to EKS via kubectl ..

score 0 · Answer 1 · answered Oct 28 '19 at 00:11

0

Of course, I post a question, then I rephrase a Google search and I find the answer.

https://medium.com/faun/add-new-user-to-manage-aws-eks-e487c5d10ee3

It's about granting IAM roles to the kubernetes auth service.

answered Oct 28 '19 at 00:11

Trent

101
1

IAM policy for managing EKS pods for users

1 Answers1