[EKS] [request]: Ability to create custom EKS access policies

[kpanic9]

Tell us about your request We have recently started using the EKS access entries for allowing IAM entities access the EKS cluster control plane. But at the moment there are only few predefined access policies we can use. We would like to have the ability to create custom access policies.

Which service(s) is this request for? EKS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We are a platform team building EKS clusters for application teams. When we provision an EKS cluster, we would like to provide controlled access to (beyond what's available in predefined access policies, eg: to a specific namespace and to a specific set of resources) to the dev teams using the cluster at the time of provisioning the clusters. The current solution we use have the necessary configurations in few places and done in different stages. It would be great if we can provision dev team access while provisioning the clusters.

Are you currently working around this issue? How are you currently solving this problem? At the moment we are solving this problem by creating K8s RBAC resources and assigning k8s group names to IAM entities using access entries.