I deployed an EKS cluster via an IAM user and need to give full cluster permission to other AWS SSO users. I followed these instructions https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html but still can't make it work.
I got the error below when running this command as an SSO user:
$ kubectl get pods
error: You must be logged in to the server (Unauthorized)
In the doc they say to create the aws-auth ConfigMap to map the role as below. But I am not sure what role ARN I should specify. I am using EKS + Fargate so there is no node group or node instance in my cluster. So what kind of role should I specify in the configuration below?
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: <ARN of instance role (not instance profile)>
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
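
An added example, not part of the original post: an SSO user authenticates to the cluster as an IAM role created for their permission set, and aws-auth only matches that role when `rolearn` is the IAM role ARN without any path. The sketch below derives that ARN from what `aws sts get-caller-identity` reports for the SSO user and renders a `mapRoles` entry; the account ID, role name, session name and `sso-admin` username are constructed values, and `system:masters` is the built-in group bound to cluster-admin.

```python
import re

# ARN shapes an SSO user may start from (sample values are constructed):
#   sts: arn:aws:sts::<acct>:assumed-role/<role-name>/<session-name>
#   iam: arn:aws:iam::<acct>:role/<optional/path/><role-name>
_STS = re.compile(r"^arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([^/]+)/[^/]+$")
_IAM = re.compile(r"^arn:(aws[\w-]*):iam::(\d{12}):role/(?:.+/)?([^/]+)$")


def aws_auth_rolearn(arn):
    """Return the path-less IAM role ARN to put in aws-auth's rolearn."""
    for pattern in (_STS, _IAM):
        m = pattern.match(arn)
        if m:
            partition, account, role = m.groups()
            return f"arn:{partition}:iam::{account}:role/{role}"
    raise ValueError(f"not a role or assumed-role ARN: {arn!r}")


def map_roles_entry(arn, username, groups):
    """Render one list item for the mapRoles block of the aws-auth ConfigMap."""
    lines = [
        f"- rolearn: {aws_auth_rolearn(arn)}",
        f"  username: {username}",
        "  groups:",
    ]
    lines += [f"    - {group}" for group in groups]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed caller identity for an SSO user (not a real account or role).
    caller = ("arn:aws:sts::111122223333:assumed-role/"
              "AWSReservedSSO_AdministratorAccess_0123456789abcdef/alice@example.com")
    print(map_roles_entry(caller, "sso-admin", ["system:masters"]))
```

The printed entry is appended under `mapRoles`, next to any existing entries, by an identity that already has cluster access, such as the IAM user that created the cluster.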