Simplify and strengthen cluster access control by enabling the Cluster Access Management API as the only authentication method for your Amazon EKS clusters. This API simplifies, secures, and scales Amazon EKS access, replacing the error-prone "aws-auth" ConfigMap method.
The Cluster Access Management API for Amazon EKS replaces the traditional "aws-auth" ConfigMap by streamlining the integration of AWS IAM identities with Kubernetes Role-Based Access Control (RBAC), offering granular, centralized authentication and authorization for teams and users. This reduces operational overhead and supports adherence to the Principle of Least Privilege (POLP).
Audit
To determine whether the Cluster Access Management API is the only authentication method configured for your Amazon EKS clusters, perform the following operations:
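One way to run this check from the AWS CLI, as an added example that is not part of the original page's steps: it lists the clusters in a region and reads each cluster's `accessConfig.authenticationMode`, treating only `API` as compliant. The function names are hypothetical, and it assumes AWS CLI v2 with credentials allowed to call `eks:ListClusters` and `eks:DescribeCluster`.

```shell
#!/usr/bin/env bash
# Added example: audit the EKS authentication mode of every cluster in a region.
# Function names are hypothetical; only the aws eks subcommands are real.

# Map an authenticationMode value to a verdict for this rule.
#   API                -> access entries only (compliant)
#   API_AND_CONFIG_MAP -> the aws-auth ConfigMap is still honoured
#   CONFIG_MAP         -> the aws-auth ConfigMap is the only method
classify_auth_mode() {
  case "$1" in
    API) echo "COMPLIANT" ;;
    API_AND_CONFIG_MAP|CONFIG_MAP) echo "NON_COMPLIANT" ;;
    *) echo "UNKNOWN" ;;  # e.g. "None" when the field is missing from the output
  esac
}

# Print "<cluster> <mode> <verdict>" (tab separated) for each cluster in the
# region. Returns 1 if any cluster is not exclusively on the API mode.
audit_region() {
  local region="$1" rc=0 name mode verdict
  # EKS cluster names contain no whitespace, so word splitting is safe here.
  for name in $(aws eks list-clusters --region "$region" \
                  --query 'clusters[]' --output text); do
    mode=$(aws eks describe-cluster --region "$region" --name "$name" \
             --query 'cluster.accessConfig.authenticationMode' --output text)
    verdict=$(classify_auth_mode "$mode")
    printf '%s\t%s\t%s\n' "$name" "$mode" "$verdict"
    [ "$verdict" = "COMPLIANT" ] || rc=1
  done
  return "$rc"
}

# Query the live account only when a region is passed, e.g.: ./audit.sh us-east-1
if [ "$#" -ge 1 ]; then
  audit_region "$1"
fi
```

The non-zero return status lets the script gate a scheduled compliance job; repeat the call for each region in use.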
Remediation / Resolution
To ensure that your Amazon EKS clusters are exclusively using the Cluster Access Management API for authentication, perform the following operations: