Stack Overflow
Stack Overflow

Questions tagged [aws-iam-authenticator]

22 questions
9
votes
2 answers

Passing EKS token to other kubectl cli commands

Say I get an EKS token using: aws eks get-token --region us-west-2 --cluster-name eks1 the result looks like: {"status": {"token": "k8s-aws-v1.aHR0.....Ni"}, "kind": "ExecCredential", "apiVersion": "client.authentication.k8s.io/v1alpha1", "spec":…
user5047085
7
votes
1 answer

Always getting error: You must be logged in to the server (Unauthorized) EKS

I am currently playing around with AWS EKS But I always get error: You must be logged in to the server (Unauthorized) when trying to run kubectl cluster-info command. I have read a lot of AWS documentation and look at lots of similar issues who face…
W.Phromma
  • 133
  • 1
  • 3
  • 8
3
votes
2 answers

Amazon Bedrock class can't load my credentials when called via Lambda function

So I created a lambda function for a script that essentially that allows a user to pass a query to amazon titan LLM on Amazon bedrock. Here is the content of my main.py file in my deployment package. from langchain.llms.bedrock import Bedrock import…
Mustapha Unubi Momoh
  • 125
  • 1
  • 9
3
votes
0 answers

Kubernetes client-go informers getting "Unauthorized" error after 15 mins

What happened? Kubernetes client-go informers getting unauthorized error after 15 mins. As per Kubernetes Client Go blogs and discussion we see the client go wil refresh the token after 15 mins but it is not happening. Any way to refresh the token…
jeevanragula
  • 62
  • 4
2
votes
1 answer

How can I decode and verify the signature of an AWS SigV4 request using node.js

My setup I have a request to an api gateway endpoint which is signed using AWS Sigv4 The headers for the request to look like this { "host": "localhost:3100", "connection": "keep-alive", "content-length": "78", "sec-ch-ua": "\"Google…
Simon Verhoeven
  • 347
  • 4
  • 16
2
votes
2 answers

Could not access AWS through IAM user

In chrome browser, logged into AWS account with user name(Administrator) part of Administrators group. Created an IAM user (Bob) with Custom managed policy(Demo1) as shown below: In firefox, tried to login with user Bob, below is the error: Bob is…
overexchange
  • 15,768
  • 30
  • 152
  • 347
1
vote
1 answer

Kubernetes informer fails with Unauthorized

I'm trying to construct a Kubernetes informer outside of the EKS cluster that it's watching. I'm using aws-iam-authenticator plugin to provide the exec-based credentials to the EKS cluster. For the plugin to work, I'm assuming an IAM role and…
tskuzzy
  • 35,812
  • 14
  • 73
  • 140
1
vote
1 answer

aws cli does not ask for MFA code on the test user

It was recent past that I started working on AWS IAM. My task is to ensure for a particular user, MFA code needs to be asked for all the commands when triggered from AWS CLI using temporary access credentials. Here is what I did, Using…
Hari
  • 441
  • 6
  • 15
1
vote
1 answer

aws-iam-authenticator returns already expired token - eks

We are running an EKS cluster with nodes created with a node group based on AWS autoscaling group. The cluster is created using eksctl. The node works ok and after a while, it fails to communicate to the Kubernetes API. Digging into the problem we…
Carlos Fau
  • 11
  • 1
1
vote
1 answer

aws-iam-authenticator & EKS

I've deployed a test EKS cluster with the appropiate configMap, and users that are SSO'd in can access the clusters via exporting session creds (AWS_ACCESS_KEY_ID, SECRET_ACCESS_KEY_ID, AWS_SESSION_TOKEN etc) and having the aws-iam-authenticator…
RomeNYRR
  • 877
  • 4
  • 19
  • 34
0
votes
0 answers

Overriding role arn in existing kubeconfig from aws cli/kubectl cli

I want to use existing kubeconfig but with different role arn to use iam authenticator in aws eks. I want to login cluster through automation but IAM authenticator is not updating role arn in kubeconfig. That is the reason I'm looking out ways to…
Mohan
  • 907
  • 5
  • 22
  • 45
0
votes
1 answer

when I am using accesskey and secret key the Amazon S3 signed URL validation is working fine which is 7 days but with IAM role it is expiring soon

Amazon S3 signed URL, when I am using accesskey and secret key the signed URL validation is working fine which is 7 days but with IAM role it is getting expired soon (within 1 day). I am expecting the similar result with both accesskey and IAM role
Ankit Rai
  • 3
  • 2
0
votes
0 answers

AWS API Gateway IAM Auth dropping Authorization header

I want to use IAM Auth in API Gateway for Machine 2 Machine authorization for internal components, the main driver for using IAM Auth is the way we can use resource policies with it and allowing Org OUs etc. to trigger the API Gateway which is not…
Tretti
  • 21
  • 2
0
votes
0 answers

APi gateway returns 403 with iam authorizer

I use oidc between github actions and aws to get temporary credentials. The role that is assumed has the following permissions. { "Effect": "Allow", "Action": [ "execute-api:Invoke" ], …
Geevis
  • 1
  • 1
0
votes
1 answer

Cannot connect to Kubernetes cluster even after setting up the context

My Kubernetes cluster is on AWS. I have setup the context using commands to connect to the Kubernetes cluster but still I am getting the following error: The connection to the server localhost:8080 was refused - did you specify the right host or…
Fahad
  • 5
  • 3
1
2