I am creating an AWS EKS cluster using AWS CDK as a federated SAML user.
I have tried adding a Kubernetes manifest to update the aws-auth ConfigMap within the EKS stack CDK code, but with no success so far.
Once the EKS cluster gets created, I have access with neither eksctl nor kubectl.
When I log in to the AWS console, the federated user shows up like this: <role-name>/<user-name>
<code>aws sts get-caller-identity outputs UserId as "XXXXXXXXXXXXXXXXXXXXX:<user-name>" and Arn as "arn:aws:sts::<account-id>:assumed-role/<role-name>/<user-name>"
</code>
Code that I have tried so far:
<code>const mapRoles = yaml.stringify([
  {
    rolearn: 'arn:aws:iam::<account-id>:role/<role-name>',
    username: '<user-name>',
    groups: ['system:masters']
  }
])
const awsAuthManifest = new eks.KubernetesManifest(this, 'AwsAuthConfigMap', {
  cluster: this.cluster,
  manifest: [
    {
      apiVersion: 'v1',
      kind: 'ConfigMap',
      metadata: {
        name: 'aws-auth',
        namespace: 'kube-system'
      },
      data: {
        mapRoles
      }
    }
  ]
})
awsAuthManifest.node.addDependency(this.cluster)
</code>
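The post shows the STS session ARN returned by `aws sts get-caller-identity`, while a `mapRoles` entry in `aws-auth` is matched against the IAM role ARN, written without any role path. The following is an added example, not part of the original post: the helper `toAwsAuthRoleMapping` is hypothetical and the sample ARNs are constructed. It derives the `mapRoles` entry from either ARN form and goes slightly beyond the post by also stripping a role path.

```typescript
// Added example: names here are hypothetical and not part of aws-cdk-lib.
interface RoleMapping {
  rolearn: string;
  username: string;
  groups: string[];
}

// arn:<partition>:sts::<account-id>:assumed-role/<role-name>/<session-name>
const STS_ARN =
  /^arn:(aws[a-z-]*):sts::(\d{12}):assumed-role\/([\w+=,.@-]+)\/[\w+=,.@-]+$/;
// arn:<partition>:iam::<account-id>:role/[<path>/]<role-name>
const IAM_ARN =
  /^arn:(aws[a-z-]*):iam::(\d{12}):role\/(?:[\w+=,.@-]+\/)*([\w+=,.@-]+)$/;

function toAwsAuthRoleMapping(arn: string, groups: string[]): RoleMapping {
  const m = STS_ARN.exec(arn) || IAM_ARN.exec(arn);
  if (m === null) {
    // IAM users, root and malformed ARNs do not belong in mapRoles.
    throw new Error(`not an IAM role or STS assumed-role ARN: ${arn}`);
  }
  const [, partition, accountId, roleName] = m;
  return {
    // The session name and any role path are dropped: only the bare role
    // ARN identifies the role in a mapRoles entry.
    rolearn: `arn:${partition}:iam::${accountId}:role/${roleName}`,
    // {{SessionName}} is an aws-iam-authenticator template. Using it here is
    // an assumption of this example, so that each federated user appears
    // under their own name in the Kubernetes audit log.
    username: `${roleName}:{{SessionName}}`,
    groups,
  };
}

// Constructed sample input in the shape `aws sts get-caller-identity` prints.
const sampleMapping = toAwsAuthRoleMapping(
  'arn:aws:sts::111122223333:assumed-role/ExampleSamlRole/alice@example.com',
  ['system:masters'],
);
console.log(JSON.stringify([sampleMapping], null, 2));
```

The returned object has the same keys as the entry passed to `yaml.stringify` in the post, so it can be placed in that array unchanged.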