EKS: Grant Cluster Access

How to Grant EKS Cluster Access
You can access your cluster using AWS IAM roles in the dashboard. When you create an EKS cluster, the IAM entity that creates it is granted system:masters permissions in the cluster's Kubernetes Role Based Access Control (RBAC) configuration.
More information about the configuration of the EKS control plane can be found on the EKS Cluster IAM Policies and Roles page.
If the EKS cluster was created from a self-managed AWS cluster that uses IAM Instance Profiles, you need to modify the iamAuthenticatorConfig field in the AWSManagedControlPlane API object to allow other IAM entities to access the EKS workload cluster. Follow the steps below:
- Run the following command with your KUBECONFIG configured to select the self-managed cluster previously used to create the workload EKS cluster. Substitute ${CLUSTER_NAME} and ${CLUSTER_NAMESPACE} with the corresponding values for your cluster.

      kubectl edit awsmanagedcontrolplane ${CLUSTER_NAME}-control-plane -n ${CLUSTER_NAMESPACE}

- Edit the iamAuthenticatorConfig field to map the IAM role to the corresponding Kubernetes role. In this example, the IAM role arn:aws:iam::111122223333:role/PowerUser is granted the cluster role system:masters. The ARNs shown are example AWS resource ARNs; substitute the real values from the corresponding AWS account.

      iamAuthenticatorConfig:
        mapRoles:
        - groups:
          - system:bootstrappers
          - system:nodes
          rolearn: arn:aws:iam::111122223333:role/my-node-role
          username: system:node:{{EC2PrivateDNSName}}
        - groups:
          - system:masters
          rolearn: arn:aws:iam::111122223333:role/PowerUser
          username: admin
For further instructions on changing or assigning the roles or clusterroles to which you can map IAM users or roles, see the Amazon documentation, Enabling IAM access to your cluster.
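A review check for the mapping edited above, as an added example that is not part of the original documentation: it reads the AWSManagedControlPlane object as JSON and reports every mapRoles entry that grants system:masters, repeats a role ARN, or uses a role ARN containing a path (AWS documents that paths are not accepted in these mappings). The function name, the example-viewers group, the Deployer role and the assumption that the field sits under .spec are illustrative and not taken from the page.

```python
import json
import re

# AWS documents that role ARNs in these mappings must not contain a path.
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@-]+$")

def audit_map_roles(control_plane):
    """Return findings for mapRoles entries that need review before saving."""
    # Assumption: the field sits under .spec, as in `kubectl get ... -o json`.
    cfg = control_plane.get("spec", {}).get("iamAuthenticatorConfig") or {}
    findings, seen = [], set()
    for entry in cfg.get("mapRoles", []):
        arn = entry.get("rolearn", "")
        issues = []
        if not ROLE_ARN.match(arn):
            issues.append("rolearn is not a path-less IAM role ARN")
        if arn in seen:
            issues.append("duplicate rolearn")
        seen.add(arn)
        if "system:masters" in entry.get("groups", []):
            issues.append("grants system:masters (full cluster admin)")
        if issues:
            findings.append({"rolearn": arn, "issues": issues})
    return findings

# Constructed sample: the page's two mappings plus a hypothetical role with a path.
SAMPLE = json.loads("""
{"spec": {"iamAuthenticatorConfig": {"mapRoles": [
  {"groups": ["system:bootstrappers", "system:nodes"],
   "rolearn": "arn:aws:iam::111122223333:role/my-node-role",
   "username": "system:node:{{EC2PrivateDNSName}}"},
  {"groups": ["system:masters"],
   "rolearn": "arn:aws:iam::111122223333:role/PowerUser",
   "username": "admin"},
  {"groups": ["example-viewers"],
   "rolearn": "arn:aws:iam::111122223333:role/teams/dev/Deployer",
   "username": "deployer"}
]}}}
""")

if __name__ == "__main__":
    for f in audit_map_roles(SAMPLE):
        print(f["rolearn"], "->", "; ".join(f["issues"]))
```

Every system:masters finding is a mapping that gives the role full administrative control of the workload cluster, so each one should correspond to a deliberate grant.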
