
Allow users with different admin AWS credentials to run cortex cluster commands

Open deliahu opened this issue 5 years ago • 0 comments

Currently, if you install the CLI on a new machine and use different AWS credentials (with the AdministratorAccess IAM policy attached), running cortex cluster commands will not work. We link to a cortex docs page with instructions on how to address this (implemented in https://github.com/cortexlabs/cortex/pull/1392):

error: your aws iam user does not have access to this cluster; to grant access, see https://docs.cortex.dev/v/master/miscellaneous/security#running-cortex-cluster-commands-from-different-iam-users

It would be better if it just works out of the box (assuming that the new IAM user also has the AdministratorAccess IAM policy).

Relevant info:

  • https://eksctl.io/usage/iam-identity-mappings/
  • https://www.cloudjourney.io/articles/publiccloud/managing_eks_access-bs/
  • https://aws.amazon.com/premiumsupport/knowledge-center/amazon-eks-cluster-access/
  • https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html
  • https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-policy-issues/
  • https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
  • https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

Possible solution:

  • Assume the role of an IAM Role that has access to the cluster. There may already be one created (there is a role visible on the EKS console titled "Cluster IAM Role ARN"), or we may have to create one and grant access to it during cluster spin up.

deliahu · Aug 28 '20 18:08
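The access check behind the error above, as an added example that is not part of the issue or of Cortex's code: on an EKS cluster that uses the aws-auth ConfigMap, an IAM identity reaches the Kubernetes API only if its ARN is mapped there, and a session obtained by assuming a mapped role is matched by that role's ARN. The account ID, role names and user names are constructed, and `canonical_arn` and `cluster_groups` are hypothetical helper names.

```python
import re

# Constructed sample: the parsed mapRoles / mapUsers lists from the aws-auth
# ConfigMap in kube-system. Account ID, role and user names are made up.
MAP_ROLES = [
    {"rolearn": "arn:aws:iam::111122223333:role/example-node-instance-role",
     "username": "system:node:{{EC2PrivateDNSName}}",
     "groups": ["system:bootstrappers", "system:nodes"]},
    {"rolearn": "arn:aws:iam::111122223333:role/example-cluster-admin",
     "username": "cluster-admin",
     "groups": ["system:masters"]},
]
MAP_USERS = [
    {"userarn": "arn:aws:iam::111122223333:user/original-operator",
     "username": "original-operator",
     "groups": ["system:masters"]},
]

_ASSUMED = re.compile(
    r"^arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([^/]+)/[^/]+$")


def canonical_arn(caller_arn):
    """Map an STS assumed-role session ARN to the IAM role ARN it came from.

    `aws sts get-caller-identity` reports
    arn:aws:sts::ACCT:assumed-role/ROLE/SESSION for an assumed role, while
    aws-auth lists the role as arn:aws:iam::ACCT:role/ROLE.
    """
    m = _ASSUMED.match(caller_arn)
    if m:
        partition, account, role = m.groups()
        return f"arn:{partition}:iam::{account}:role/{role}"
    return caller_arn


def cluster_groups(caller_arn, map_roles, map_users):
    """Return the Kubernetes groups the caller is mapped to, or None."""
    arn = canonical_arn(caller_arn)
    for entry in map_roles:
        if entry["rolearn"] == arn:
            return entry["groups"]
    for entry in map_users:
        if entry["userarn"] == arn:
            return entry["groups"]
    # Unmapped: IAM policies alone (even AdministratorAccess) give no cluster
    # access here. The cluster creator is the exception; EKS grants it access
    # implicitly and it does not appear in the ConfigMap.
    return None
```

A `None` result for a second administrator's user ARN corresponds to the error quoted in the issue; the same person calling through a session of the mapped role resolves to that role's groups.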