如何将 map IAM 组添加到 AWS 中的 EKS 集群?
[英]How can I map IAM group to EKS cluster in AWS?
问题描述
I deployed a EKS cluster and I'd like to add more IAM users to the role.
我部署了一个 EKS 集群,我想向该角色添加更多 IAM 用户。 I read this doc https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html and it mentioned how to map IAM users or roles to k8s but it doesn't say how to map IAM group. I read this doc https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html and it mentioned how to map IAM users or roles to k8s but it doesn't say how to map IAM 组。 Is it not supported?不支持吗? or is there a way to do that?还是有办法做到这一点? I don't want to map many users one by one.我不想 map 很多用户一个一个。 When a new user join the team, I just move them to the IAM group without changing anything in EKS.当有新用户加入团队时,我只是将他们移至 IAM 组,而不更改 EKS 中的任何内容。
2 个解决方案
解决方案1
3 已采纳 2021-05-19 03:00:12
You can't.你不能。 You can only map roles and users.您只能 map 角色和用户。 Directly from the documentation you linked:直接来自您链接的文档:
- Add your IAM users, roles, or AWS accounts to the configMap.
The easiest workaround would be to have a different IAM role for each group and only grant that group the ability to assume that role.最简单的解决方法是为每个组设置不同的 IAM 角色,并仅授予该组担任该角色的能力。
解决方案2
0 2022-07-08 08:31:14
There is no simple and standardized implementation for this.对此没有简单和标准化的实现。
I've written a blog post that addresses your exact question - Enabling AWS IAM Group Access to an EKS Cluster Using RBAC我写了一篇博客文章来解决您的确切问题 - 使用 RBAC 启用 AWS IAM 组访问 EKS 集群
The blog covers the issue and the possible solutions.该博客涵盖了该问题和可能的解决方案。 The solution we chose was to use an IAM role for each group and using a nice trick to assume it only for kubectl calls.我们选择的解决方案是为每个组使用一个 IAM 角色,并使用一个很好的技巧来假设它只用于kubectl调用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.