AWS role and user have not any policy,why I still can access K8s cluster?

Question

My question: I have not any permission,why I can access K8s

[vagrant@localhost ~]$ kubectl get deployment --namespace=development
No resources found in development namespace.

---

Things below are my configuration.

$ cat ~/.kube/config 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <my certificate-authority-data>
    server: https://2C1A77626A2087EBA1D1123EA9398DAF.gr7.ap-northeast-1.eks.amazonaws.com
  name: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
contexts:
- context:
    cluster: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
    user: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
  name: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
current-context: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
kind: Config
preferences: {}
users:
- name: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - --region
      - ap-northeast-1
      - eks
      - get-token
      - --cluster-name
      - eksworkshop-eksctl
      - --role
      - arn:aws:iam::056844949861:role/k8sDev
      command: aws

Here are my role and, nothing in Permissions:

Here is my user, just inline policy here:

here are my group and content of inline policy:

Answer 1

The reason you are able to access it is because the IAM user you are accessing the cluster is the same as the one used to create the cluster. The documenation states:

When you create an Amazon EKS cluster, the IAM entity user or role, such as a federated user that creates the cluster, is automatically granted system:masters permissions in the cluster's RBAC configuration.

In EKS, IAM users are used for authentication, but IAM roles do not control authorization. Authorization is still handled through the kubernetes RBAC system.