Adding cross-account access to EKS

#eks #iam #aws #kubernetes

introduction

When you want your users in IAM to access EKS cluster in another account, its very simple to do via cross account role.
This assumes you have already created the role in account B to users in account A.

steps to access EKS in second account

first make sure you have a IAM role cross-account-role created in Account B and having added trusted relationship for users in that you would like to from account A to access it.
Once thats done , make sure you have access to the EKS cluster in account B(this needs to be done in order to edit the permissions of EKS).
now edit the aws-auth configmap of that EKS cluster as:
```
kubectl edit -n kube-system configmaps aws-auth
```

add following lines under mapRoles to add the role created in step#1:

- "groups":
  - "system:masters"
  - "system:nodes"
  "rolearn": "arn:aws:iam::Account B:role/cross-account-role"

try setting the new cross-account for account B in ~/.aws/credentials :

[account-B]
role_arn = arn:aws:iam::Account B:role/cross-accountrole
region = us-west-2
source_profile = account-A

export this profile on terminal and add the EKS cluster config :

export AWS_PROFILE=account-B
aws eks update-kubeconfig --name name-of-eks-cluster-in-account-B

try running kubectl now:
```
kubectl get ns
kubectl get pods
```

DEV Community

Adding cross-account access to EKS

introduction

steps to access EKS in second account

Top comments (0)

Read next

How to Pull Resources from AWS SSM Parameter Store in AWS SAM

Amazon Redshift introduces query identifiers for improved query performance monitoring.

How to Host a Static Website Using AWS CLI in Less Than 5 Minutes

Prometheus vs CloudWatch for Cloud Native Applications (Updated in 2024)