1
votes

I deployed an EKS cluster and I'd like to add more IAM users to the role. I read this doc https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html and it mentions how to map IAM users or roles to k8s, but it doesn't say how to map an IAM group. Is it not supported? Or is there a way to do that? I don't want to map many users one by one. When a new user joins the team, I just move them to the IAM group without changing anything in EKS.

1

1 Answer

3
votes

You can't. You can only map roles and users. Directly from the documentation you linked:

  1. Add your IAM users, roles, or AWS accounts to the configMap. You cannot add IAM groups to the configMap.

The easiest workaround would be to have a different IAM role for each group and only grant that group the ability to assume that role.
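
The role-per-group workaround from the answer above, sketched as an added example (not part of the original answer or of the AWS documentation). The group name, role name, and Kubernetes RBAC group are hypothetical placeholders, and the IAM group is assumed to exist already.

```shell
#!/usr/bin/env bash
# Added example: one IAM role per IAM group, mapped once in aws-auth.
# Every name below is a hypothetical placeholder.
set -eu
GROUP="eks-developers"        # existing IAM group (assumed)
ROLE="eks-developers-role"    # role that members of the group assume
K8S_GROUP="developers"        # Kubernetes group, assumed bound to a Role via RBAC

role_arn() { printf 'arn:aws:iam::%s:role/%s' "$1" "$ROLE"; }

# Trust policy on the role. An IAM group cannot be a principal, so the role
# trusts the account and identity policies decide who may assume it.
trust_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::%s:root"},"Action":"sts:AssumeRole"}]}' "$1"
}

# Inline policy on the group: members may assume this one role and no other.
group_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole","Resource":"%s"}]}' "$(role_arn "$1")"
}

# mapRoles entry for the aws-auth ConfigMap; the role is mapped once and
# group membership changes never touch the cluster again.
map_roles_entry() {
  printf '%s\n' "- rolearn: $(role_arn "$1")" "  username: $ROLE" \
    "  groups:" "    - $K8S_GROUP"
}

apply() {
  account="$(aws sts get-caller-identity --query Account --output text)"
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy "$account")"
  aws iam put-group-policy --group-name "$GROUP" \
    --policy-name "assume-$ROLE" --policy-document "$(group_policy "$account")"
  echo "Add under mapRoles (kubectl edit -n kube-system configmap/aws-auth):"
  map_roles_entry "$account"
}

# Nothing is changed in AWS unless the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then apply; fi
```

Group members then generate their kubeconfig with `aws eks update-kubeconfig --name <cluster> --role-arn <role ARN>` so that their tokens are issued for the mapped role. Because the role trusts the whole account, any other identity whose policies allow `sts:AssumeRole` on it (for example a broad administrator policy) can also reach the cluster.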