Is aws-iam-authenticator still needed with EKS?

kubernetes amazon-eks

Solution 1:

Amazon EKS uses IAM to provide authentication to your Kubernetes cluster[...], but it still relies on native Kubernetes Role Based Access Control (RBAC) for authorization. [...] All permissions for interacting with your Amazon EKS cluster’s Kubernetes API is managed through the native Kubernetes RBAC system. EKS userguide

So you don't necessary need the aws-iam-authenticator. The aws-iam-authenticator maps IAM user and roles to the native Kubernetes Role Based Access Control (RBAC) for authorization. So theoretically it should be possible to just use the RBAC. However the official documentation only refers to IAM authentication. So I would advice to use that as well. I'm not 100% sure if a missing aws-iam-authenticator could cause problems with service based policies. Stuff like granting a pod access to a s3 bucket.

When you create an Amazon EKS cluster, the IAM entity user or role, such as a federated user that creates the cluster, is automatically granted system:masters permissions in the cluster's RBAC configuration. EKS userguide

That is why your user has access to the EKS cluster.

Related

Is it good practice to out MySQL or Apache in /opt/ folder?
setup SameSite=none value in Nginx webserver
How to tell PyTorch to not use the GPU?
finding max possible date in ms sql server 2005+
Multiple blocks of same name in Jinja2
'CompanyName.Foo' is a 'namespace' but is used like a 'type'
Receive message "A signed resource has been added, modified, or deleted" when trying to debug an App on iPhone
Performing Inner Join for Multiple Columns in the Same Table
Sort selected text from Visual Studio context menu
Cascading drop-downs in MVC 3 Razor view
How to use jQuery.map() on array of objects to return array of arrays
SVN: how to return to previous revision?