Difference between revisions of "Terraform EKS module: aws auth roles"

List of role maps to add to the aws-auth configmap

https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest#input_aws_auth_roles

Official examples[edit]

 aws_auth_roles = [
   {
     rolearn  = "arn:aws:iam::66666666666:role/role1"
     username = "role1"
     groups   = ["system:masters"]
   },
 ]

  aws_auth_users = [
   {
     userarn  = "arn:aws:iam::66666666666:user/user1"
     username = "user1"
     groups   = ["system:masters"]
   },
   {
     userarn  = "arn:aws:iam::66666666666:user/user2"
     username = "user2"
     groups   = ["system:masters"]
   },
 ]

EKS karpenter official example[edit]

 manage_aws_auth_configmap = true
 aws_auth_roles = [
   # We need to add in the Karpenter node IAM role for nodes launched by Karpenter
   {
     rolearn  = module.karpenter.role_arn
     username = "system:node:Template:EC2PrivateDNSName"
     groups = [
       "system:bootstrappers",
       "system:nodes",
     ]
   },

Related[edit]

• aws_auth_users, aws_auth_accounts
• Amazon EKS authorization
• system:nodes, system:bootstrappers
• Terraform resource: aws_iam_role

See also[edit]

• system:, system:masters, system:controller:, system:anonymous, system:serviceaccount:, system:serviceaccounts:, system:bootstrappers, system:node, system:nodes, kubectl get clusterroles
• Terraform EKS module: manage_aws_auth_configmap, create_aws_auth_configmap, aws_auth_roles, aws_auth_users, aws_auth_accounts, module.eks, Amazon EKS Blueprints for Terraform, OIDC
• Terraform EKS: EKS module, EKS resources, EKS provider, EKS data sources