Description
I have an IAM user named Alice, and she's a member of the IAM group eks-admin.
The following configuration works, but when I remove Alice from mapUsers, kubectl commands give me the error "error: You must be logged in to the server (Unauthorized)".
Can't I add an IAM group to this ConfigMap, just like I can add a user or role?

aws sts get-caller-identity
{
    "Account": "123456789012",
    "UserId": "AIDAxxxxxxxxxxxxxxx",
    "Arn": "arn:aws:iam::123456789012:user/Alice"
}

apiVersion: v1
data:
  mapRoles: |
    - rolearn: arn:aws:iam::123456789012:role/EKS-WorkerNodes-NodeInstanceRole-1R46GDBD928V5
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
  mapUsers: |
    - userarn: arn:aws:iam::123456789012:user/Alice
      username: alice
      groups:
        - system:masters
    - userarn: arn:aws:iam::123456789012:group/eks-admin
      username: eks-admin
      groups:
        - system:masters