Amazon EKS
- Prerequisites: Have your AWS credentials ready, including access key and secret access key, with permissions to access the EKS_READER_ROLE.
- Configuring Playbooks: In the Playbooks dashboard, navigate to Integrations > AWS EKS. Enter your AWS access key ID, secret access key, specify the region of your EKS account and the EKS_READER_ROLE.
- Testing the Integration: Test the integration.
Note: For security reasons, it is recommended to create a new user with access attached to these permissions.
Steps to create a new user:
Step 1: Create a policy (AmazonEKSViewNodesAndWorkloadsPolicy) with this json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"eks:DescribeNodegroup",
"eks:ListNodegroups",
"eks:DescribeCluster",
"eks:ListClusters",
"eks:AccessKubernetesApi",
"ssm:GetParameter",
"eks:ListUpdates",
"eks:ListFargateProfiles"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "eks.amazonaws.com"
}
}
}
]
}Step 2: Create a role (eks-reader) with the above policy attached
Step 3: Create a another policy (AmazonEKSAssumeEKSReaderPolicy) in your IAM that allows assuming this role with the following json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Resource": "arn:aws:iam::<aws_account_id>:role/eks-reader"
}
]
}Step 4: Create a new user in your IAM with the above AmazonEKSAssumeEKSReaderPolicy attached
You don't need to add any group to the user.
Step 5: Once the user is created, create an access key by going to "Security Credentials".
Step 4: Select "Third-party service" while creating the key.
Step 5: Copy paste the access key and secret key in Playbooks Integrations page .
Updated 2 days ago