-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[New Resource]: Add EKS cluster IAM access management API resources #34982
Comments
Community NoteVoting for Prioritization
Volunteering to Work on This Issue
|
Likely also need to update the cluster config resources to support setting the authenticationMode right? |
Hey @sidewinder12s, Yes, I have mentioned that in the issue description:
|
cc @wellsiau-aws / @meetreks - if you want to open the PR now |
@meetreks and @sasidhar-aws is actively working on this |
Access entry requires a lot more params, most of them optional, compared to what's requested here. I.e.: resource aws_eks_access_entry example {
iam_role = arn:aws:iam::012345678910:role/MyRole
username = "my-other-username" (optional)
kubernetes_groups = "my-other-group" (optional)
type = "" (optional, options are:
EC2_LINUX
EC2_WINDOWS
FARGATE_LINUX
STANDARD
)
} As entries for node bootstrap also need to be supported. Same with Here's a good doc on what is covered by this change: aws/containers-roadmap#185 (comment) |
This functionality has been released in v5.33.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
FYI there are comments on #35037 suggesting that this hasn't been implemented correctly. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Description
AWS Announced new EKS feature that simplifies controls for IAM cluster access management, and AWS SDK Go v2 has been released including this feature.
As a prerequisite the
authenticationMode
of the cluster should be eitherAPI
orAPI_AND_CONFIG_MAP
Requested Resource(s) and/or Data Source(s)
1-
access_entry
2-
access_policy_association
where
XXXX
=AmazonEKSAdminPolicy
,AmazonEKSClusterAdminPolicy
,AmazonEKSEditPolicy
orAmazonEKSViewPolicy
Potential Terraform Configuration
No response
References
1- Announcement: https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-eks-controls-iam-cluster-access-management/
2- Blog post: https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/
3- AWS SDK go v2 CHANGELOG: https://github.com/aws/aws-sdk-go-v2/blob/main/service/eks/CHANGELOG.md#v1360-2023-12-18
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: