
How to add access to EKS aws-auth config map for users managed by IAM Identity Center

I'm trying to authenticate users managed in AWS IAM Identity Center to AWS EKS (which is in a different AWS account than IAM Identity Center). Correct me if I'm wrong, but IAM Identity Center maps permissions (set as permission sets in account A) to roles in account B. So basically users assume a role in the target account. I thought that because of that I could just add the role to the aws-auth config map, but that doesn't work, i.e. as a user with the assumed role I cannot see resources in the AWS EKS console. The part I've added:

- groups:
  - system:masters
  rolearn: arn:aws:iam::xxxxxx:role/aws-reserved/sso.amazonaws.com/xxxxxx/AWSReservedSSO_AdministratorAccess_yyyyy # this is the role which seems to be assumed by the user configured in Identity Center
  username: AWSReservedSSO_AdministratorAccess_yyyyy

What am I missing?

In case anyone is looking for the solution, I'm answering my own question: rolearn should have the format: arn:aws:iam::xxxx:role/AWSReservedSSO_AdministratorAccess_yyyyy
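
The fix from the answer, as an added example that is not part of the original post: aws-auth expects role ARNs without their IAM path, so this sketch scans mapRoles text for rolearn entries that still carry a path and returns the path-less form to use instead. The account ID, region segment and role suffix in the sample are constructed placeholders, and strip_role_path and lint_map_roles are hypothetical helper names.

```python
import re

# IAM role ARN: partition, 12-digit account ID, optional path, role name.
ROLE_ARN = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):iam::(?P<account>\d{12}):role/"
    r"(?P<path>(?:[^/\s]+/)*)(?P<name>[^/\s]+)$"
)

def strip_role_path(arn):
    """Return the role ARN with any IAM path removed, as aws-auth expects."""
    m = ROLE_ARN.match(arn)
    if not m:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    return f"arn:{m['partition']}:iam::{m['account']}:role/{m['name']}"

def lint_map_roles(text):
    """Scan mapRoles YAML text and return (line_no, found_arn, fixed_arn)
    for every rolearn that still carries a path."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"^\s*(?:-\s*)?rolearn:\s*['\"]?([^\s'\"#]+)", line)
        if not m:
            continue
        fixed = strip_role_path(m.group(1))
        if fixed != m.group(1):
            findings.append((no, m.group(1), fixed))
    return findings

# Constructed sample: the first entry has the path form seen in the IAM
# console, the second has the path-less form that aws-auth matches.
SAMPLE = """\
- groups:
  - system:masters
  rolearn: arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_AdministratorAccess_0123456789abcdef
  username: AWSReservedSSO_AdministratorAccess_0123456789abcdef
- groups:
  - system:masters
  rolearn: arn:aws:iam::111122223333:role/AWSReservedSSO_AdministratorAccess_0123456789abcdef
  username: AWSReservedSSO_AdministratorAccess_0123456789abcdef
"""

if __name__ == "__main__":
    for no, found, fixed in lint_map_roles(SAMPLE):
        print(f"line {no}: {found}\n  -> use {fixed}")
```
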
