Skip to main content
Skip table of contents

Grant Cluster Access

These pages refer to DKP Enterprise and DKP Gov Advanced products.

How to Grant EKS Cluster Access

You can access your cluster using AWS IAM roles in the dashboard. When you create an EKS cluster, the IAM entity is granted system:masters permissions in Kubernetes Role Based Access Control (RBAC) configuration.

More information about the configuration of the EKS control plane can be found on the EKS Cluster IAM Policies and Roles page.

If the EKS cluster was created as a cluster using a self-managed AWS cluster that uses IAM Instance Profiles, you will need to modify the IAMAuthenticatorConfig field in the AWSManagedControlPlane API object to allow other IAM entities to access the EKS workload cluster. Follow the steps below:

  1. Run the following command with your KUBECONFIG configured to select the self-managed cluster previously used to create the workload EKS cluster. Ensure you substitute ${CLUSTER_NAME} and ${CLUSTER_NAMESPACE} with their corresponding values for your cluster.

    CODE
    kubectl edit awsmanagedcontrolplane ${CLUSTER_NAME}-control-plane -n ${CLUSTER_NAMESPACE}
  2. Edit the IamAuthenticatorConfig field with the IAM Role to the corresponding Kubernetes Role. In this example, the IAM role arn:aws:iam::111122223333:role/PowerUser is granted the cluster role system:masters. Note that this example uses example AWS resource ARNs, so these values should be substituted for real values in the corresponding AWS account.

    CODE
    iamAuthenticatorConfig:
        mapRoles:
          - groups:
            - system:bootstrappers
            - system:nodes
            rolearn: arn:aws:iam::111122223333:role/my-node-role
            username: system:node:{{EC2PrivateDNSName}}
          - groups:
            - system:masters
            rolearn: arn:aws:iam::111122223333:role/PowerUser
            username: admin

For further instructions on changing or assigning roles or clusterroles to which you can map IAM users or roles, see Amazon Enabling IAM access to your cluster.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.