EKS Add User VS. Role: How to Add IAM User and IAM Role to AWS EKS Cluster?

Рет қаралды 25,147

Күн бұрын

🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: • AWS EKS Kubernetes Tut...
▬▬▬▬▬ Experience & Location 💼 ▬▬▬▬▬
► I’m a Senior Software Engineer at Juniper Networks (12+ years of experience)
► Located in San Francisco Bay Area, CA (US citizen)
▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
► LinkedIn: / anton-putra
► Twitter/X: / antonvputra
► GitHub: github.com/antonputra
► Email: me@antonputra.com
▬▬▬▬▬▬ Related videos 👨‍🏫 ▬▬▬▬▬▬
👉 [Playlist] Kubernetes Tutorials: • Kubernetes Tutorials
👉 [Playlist] Terraform Tutorials: • Terraform Tutorials fo...
👉 [Playlist] Network Tutorials: • Network Tutorials
👉 [Playlist] Apache Kafka Tutorials: • Apache Kafka Tutorials
👉 [Playlist] Performance Benchmarks: • Performance Benchmarks
👉 [Playlist] Database Tutorials: • Database Tutorials
🔴UPDATED🔴: How to Add IAM User and IAM Role to AWS EKS Cluster?- • How to Add IAM User an...
=========
⏱️TIMESTAMPS⏱️
0:00 Intro
0:40 Add an IAM user with read only access to EKS cluster
12:50 Add an IAM role with root access and assume this role by IAM user
=========
Source Code
🌏 - Instructions: antonputra.com/Kubernetes/add...
🖥️ - GitHub: github.com/antonputra/tutoria...
#EKS #Kubernetes #AWS

Пікірлер: 93

@AntonPutra 8 ай бұрын

🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com 👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: kzbin.info/aero/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l&si=wc6LIC5V2tD-Tzwl

@_lestina 10 ай бұрын

This is the best video i have seen on Terraform, well structured without missing a step. Thank you so much for this

@AntonPutra 9 ай бұрын

Thank you!

@pikachu3686 Ай бұрын

simple very clear

@AntonPutra Ай бұрын

thanks!

@NightcoreHindi 3 жыл бұрын

This is exactly what i was looking for. Thank you very much. Liked subscribed ✌️

@AntonPutra 3 жыл бұрын

Awesome, thank you!

@burakyilmaz7566 Жыл бұрын

Thank you very much for the video, helped me a lot, I checked many videos related to this content, this one is the purest and best 👍🏻

@AntonPutra Жыл бұрын

Thanks!!

@gouthampratapa4519 Жыл бұрын

Thanks, your tutorial helped alot in understanding the whole concept of accessing cluster. thanks again

@AntonPutra Жыл бұрын

You are welcome!

@antheusferentzi8014 Жыл бұрын

Hi Anton, just wanted to say thank for this video!!!

@AntonPutra Жыл бұрын

Thanks Antheus!

@hamnletrivera9796 8 ай бұрын

Thank you very much for sharing this video, very well and explained and easy to understand !!

@AntonPutra 8 ай бұрын

Thank you Hamnlet!

@maxx27i 3 жыл бұрын

Great tutorial! Thank you so much!

@AntonPutra 3 жыл бұрын

You're very welcome!

@akshaypandhare2214 2 жыл бұрын

Awesome explanation. Really helped me to understand RBAC.

@AntonPutra 2 жыл бұрын

Great to hear!

@zarankeng9301 Жыл бұрын

Thank you for this! Great tutorial.

@AntonPutra Жыл бұрын

Thanks Zara!

@ericberg5286 3 жыл бұрын

Thanks, Anton. BTW, It was AWS tech support that recommended this video.

@AntonPutra 3 жыл бұрын

Cool, thanks

@shehryarabbasi5856 2 жыл бұрын

Anton, you're doing a great job! Keep it up! = )

@AntonPutra 2 жыл бұрын

Thanks, will do!

@leventyild 3 жыл бұрын

Thanks for your tutorial. It was a very helpfull for me

@AntonPutra 3 жыл бұрын

Thanks for the support:)

@alejandrobarquin6511 2 жыл бұрын

Excellent, thank you sir.

@AntonPutra 2 жыл бұрын

Very welcome Alejandro

@LalitYadav-eo4hv 2 жыл бұрын

Awesome video, it helped cleared lot of confusion. Thanks for the video

@AntonPutra 2 жыл бұрын

Thanks Lalit!

@LalitYadav-eo4hv 2 жыл бұрын

@@AntonPutra i found 1 issue related to sts token, whenever i run terraform init i get this invalid client token, i created terraform user, added in to aws profile but couldn’t solve it, later i used sts get token and exported then it worked. I followed each steps defined in VPC video. If u can guid us will be very helpful

@LalitYadav-eo4hv 2 жыл бұрын

@@AntonPutra but I really liked all your videos and i refer your videos whenever i am stuck

@SoumyaDassrd 2 жыл бұрын

Thanks dude, it's nice and deep

@AntonPutra 2 жыл бұрын

Thank you too!

@AntonPutra 3 жыл бұрын

Playlist: kzbin.info/aero/PLiMWaCMwGJXkeBzos8QuUxiYT6j8JYGE5 ⏱️TIMESTAMPS⏱️ 0:00 Intro 0:40 Add an IAM user with read only access to EKS cluster 12:50 Add an IAM role with root access and assume this role by IAM user

@valerikehayov2393 3 жыл бұрын

Thanks for your tutorial. It's really nice job. If I may propose to you, maybe to create a little bit even more advanced video where you can use both VPC and EKS official Terraform modules. As they are very complex and hard to understand and widely used at the same time so it will be worth if someone roughly explains them. Also it will be nice to deploy all necessary resources for EKS to work in production for example: AWS Load balance controller, Autoscaler, Container insights. Keep up the great job, regards!

@AntonPutra 3 жыл бұрын

Thank you for the suggestions. I'll defiantly cover those components in the future.

@AntonPutra 3 жыл бұрын

By the way, EKS Cluster Auto Scaling - kzbin.info/www/bejne/najQlZWleJJ1qqc and horizontal pod autoscaler video will go out on Wednesday.

@valerikehayov2393 3 жыл бұрын

@@AntonPutra Wow, great, it's so important for the whole setup. Thanks man!

@George-mk7lp 2 жыл бұрын

thank you

@AntonPutra 2 жыл бұрын

Welcome!

@nada3857 Жыл бұрын

Gostei, conteúdo completo.

@AntonPutra Жыл бұрын

Thanks!

@palanisamy-dl9qe 3 жыл бұрын

Hi buddy i watched your all the videos related to terraform EKS session it was excellent way of explanation. could you please upload the video terraform cluster auto scaling (worker node creation and deletion ) based on the workload traffic?

@AntonPutra 3 жыл бұрын

Will upload soon, thanks

@AntonPutra Жыл бұрын

👉 How to Manage Secrets in Terraform - kzbin.info/www/bejne/aX-TpXqBrNt1mqM 👉 Terraform Tips & Tricks - kzbin.info/www/bejne/bYScZaKLid5lsJY 👉 ArgoCD Tutorial - kzbin.info/www/bejne/sHjRlZqafMZkisU

@michaellopez2191 3 жыл бұрын

Anton, great video! I have a question for federated users. We authenticate through Okta at my job in which we're attached into 1 of 2 IAM roles. We are staying away from using IAM groups. How can a federated user be attached to the bindings in that case? I can contact you elsewhere if the question needs more details. Thanks again for the video!

@AntonPutra 3 жыл бұрын

Thank you for the question, it's a common use case to use federated users and especially okta. I will try to create a video about this topic soon!

@michaellopez2191 3 жыл бұрын

@@AntonPutra that would be amazing. I figured a decent portion of it out but it doesn't seem to like showing me pod/logs. Hopefully you're video can straighten out some of the issues I'm having!

@jono5658 3 жыл бұрын

Hi Anton, thank you for these great videos. May I please ask why you had to create policy (AmazonEKSDeveloperPolicy) and also create the cluster role? It seems to me that it is the same thing or are they different permissions altogether. Thank-you.

@AntonPutra 3 жыл бұрын

IAM role on its own does not grant any permissions to the subject it's like a container, you need to create IAM policy where you would provide access to some resources and attach it to the role, or you can use AWS managed role with predefined permissions.

@jono5658 3 жыл бұрын

@@AntonPutra Thank-you.

@davidvacca4295 4 ай бұрын

Hi if the task is to Create Secure User in Kubernetes and Map to IAM role, I have to use map roles or mapuser?

@AntonPutra 4 ай бұрын

You should "Create Secure User" in k8s and map to aws iam role

@davidvacca4295 3 ай бұрын

@@AntonPutra how can I create an user?

@amitmandrupkar6842 9 ай бұрын

Antona Great video it helped me lot. have one question . can we add user grop aws-auth file instade of single user ?

@AntonPutra 9 ай бұрын

No, instead of group you can only add IAM role only

@opeomotayo7113 3 жыл бұрын

Hi Anton, Great tutorial, I have subscribed and liked your videos, just wondering if you are able to update the video to create the roles, policies in terraform code please instead of manually, ideally one for manager/admin group and the other for reader group to assume manager and reader role accordingly, may be adding one/two users to each group for testing purpose. I have tried this, but I don't quite understand how to write this with terraform.

@AntonPutra 3 жыл бұрын

Thanks for the question, I will create a video soon.

@AntonPutra Жыл бұрын

🟢 [New] Terragrunt Tutorial: Create VPC, EKS from Scratch! (Step-by-Step) - kzbin.info/www/bejne/r5XYeZSFn5iLg8k

@mvjrao123 3 жыл бұрын

Thanks Anton. It's very useful to me. quick question...where did you create kubernetes group called "reader"?

@AntonPutra 3 жыл бұрын

Not quite sure if I understand your question correctly, "reader" k8s group is a part of the Kubernetes rRole-based access control mechanism (RBAC) created in Kubernetes itself using yaml definition similar to deployment object. github.com/antonputra/tutorials/blob/main/lessons/038/k8s/rbac.yaml#L5

@mvjrao123 3 жыл бұрын

Thanks @@AntonPutra for your response. This file has ClusterRole and ClusterRoleBinding. Don't we need to create a group called 'reader' explicitly?

@luisrodriguezgarcia1282 3 жыл бұрын

Hi Anton! Great job with this tutorial... keep it up! Just one thing... I can't find the JSON code for the policies in your GitLab repo. thanks in advance!

@luisrodriguezgarcia1282 3 жыл бұрын

GitHub not GitLab :)

@AntonPutra 3 жыл бұрын

Thank you, I forgot to add it to github, but you can grab it from here - antonputra.com/eks-add-user-vs-role/

@itaihuber Жыл бұрын

@@AntonPutra hi, the link is no longer available, can i grab the policy json from anywhere else?

@AntonPutra Жыл бұрын

@@itaihuber Here github.com/antonputra/tutorials/tree/main/lessons/038?

@AntonPutra 2 жыл бұрын

🔴UPDATED🔴: How to Add IAM User and IAM Role to AWS EKS Cluster?- kzbin.info/www/bejne/e3jHf2Vne5d9nNk

@AntonPutra 2 жыл бұрын

Available on January 3

@ayushsinghrathore7186 Жыл бұрын

Hey Anton! Thanks for the great video. One doubt I have here is we can see that you have update the kubeconfig using eks-admin profile and then we are able to do the stuffs. How to verify that an IAM user who is able to assume this role can perform the actions inside the cluster? We are just doing all the operations using eks-admin role which already has system:masters permission at the cluster level and hence we are getting response as yes. Its a bit confusing. Any insight on this?

@AntonPutra Жыл бұрын

Little bit confused by the question, what do you mean by "actions inside the cluster"? You can verify locally by using different IAM users with and without access to the eks-admin role

@ayushsinghrathore7186 Жыл бұрын

@@AntonPutra I figured out, we need to assume the role and then add the profile containing temporary credentials inside the ~/.aws/credentials Finally do aws eks update-kubeconfig using that assumed role profile to verify the access. Thank you

@weitanglau162 2 жыл бұрын

awesome series! watched everything! Is there any difference with the new update to eks?

@AntonPutra 2 жыл бұрын

Thanks, what do you mean?

@weitanglau162 2 жыл бұрын

@@AntonPutra I believe eks load balancing has new update. Think it's called AWS Load Balancer Controller. Furthermore, I see that in some other examples, they don't have to create a service with those annotations like you have. Why is this so?

@AntonPutra Жыл бұрын

Get Full-Length High-Quality DevOps Tutorials for Free - Subscribe Now! - kzbin.info

@praveen9290 2 жыл бұрын

Hi....can you continue the playlist with your eks cluster on fargate.

@AntonPutra 2 жыл бұрын

Sure

@bhupathivarma9170 2 жыл бұрын

Pls do video on below requirement. 1.IAM role for pods to be able to access EFS. 2. IAM role for cluster-auto scaler. 3. IAM role for alb-ingress controller

@AntonPutra 2 жыл бұрын

I have similar videos except 3 1. kzbin.info/www/bejne/mKaTfmWvZ8xko5o 2. kzbin.info/www/bejne/najQlZWleJJ1qqc 3. TODO :)

@bhupathivarma9170 2 жыл бұрын

@@AntonPutra you are awesome ur videos r crisp and clear... Thank you so much

@AntonPutra 2 жыл бұрын

@@bhupathivarma9170 🥰

@bhupathivarma9170 2 жыл бұрын

@@AntonPutra please help with 3 if possible

@AntonPutra 2 жыл бұрын

@@bhupathivarma9170 do you have any specific use case for 3? Can you describe your workload?