learn-terraform-provision-eks-cluster icon indicating copy to clipboard operation
learn-terraform-provision-eks-cluster copied to clipboard
verified publisher icon hashicorp

How to specify an AWS profile/role to be used when generating the EKS token?

Open radnov opened this issue 4 years ago • 0 comments

Background: I want to provide administrator access to the cluster to other users besides me (the creator). These other users have a "default" AWS User that assumes an AWS Role (with admin access to the cluster, similar to this setup) that is stored as a profile in their ~/.aws/credentials file.

They also need to be able to run terraform apply, but they are getting "Error: Unauthorized", because their default user is used to get the EKS token instead of the Role with admin access to the cluster.

Question: With the recent change to the kuberenetes.tf file what would be the proper way to pass a profile (or role) for the aws-iam-authenticator command?

Using the optional inputs kubeconfig_aws_authenticator_env_variables or kubeconfig_aws_authenticator_additional_args to the Terraform EKS module doesn't seem to affect what profile/role is used for authentication with the EKS cluster.

radnov avatar May 14 '21 15:05 radnov