How do you get kubectl to log in to an AWS EKS cluster?










0














Starting from a ~empty AWS account, I am trying to follow https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html



So that meant I created a VPS stack, then installed aws-iam-authenticator, awscli and kubectl, then created an IAM user with Programmatic access and AmazonEKSAdminPolicy directly
attached.



Then I used the website to create my EKS cluster and used aws configure to set the access key and secret of my IAM user.



aws eks update-kubeconfig --name wr-eks-cluster worked fine, but:



kubectl get svc
error: the server doesn't have a resource type "svc"


I continued anyway, creating my worker nodes stack, and now I'm at a dead-end with:



kubectl apply -f aws-auth-cm.yaml
error: You must be logged in to the server (the server has asked for the client to provide credentials)


aws-iam-authenticator token -i <my cluster name> seems to work fine.



The thing I seem to be missing is that when you create the cluster you specify an IAM role, but when you create the user (according to the guide) you attach a policy. How is my user supposed to have access to this cluster?



Or ultimately, how do I proceed and gain access to my cluster using kubectl?










share|improve this question























  • I suspect you need to apply the auth config as the account that created the cluster in the first place.
    – Oliver Charlesworth
    Nov 12 '18 at 17:12










  • How do I get auth details of "the account that created the cluster", when I used the web interface to create the cluster (which only lets you specify an IAM role, not a user)? I just have my account that I log in to AWS with, 1 IAM user that I'm currently trying and failing to use, and 1 IAM role, as per the guide.
    – sbs
    Nov 13 '18 at 9:29















0














Starting from a ~empty AWS account, I am trying to follow https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html



So that meant I created a VPS stack, then installed aws-iam-authenticator, awscli and kubectl, then created an IAM user with Programmatic access and AmazonEKSAdminPolicy directly
attached.



Then I used the website to create my EKS cluster and used aws configure to set the access key and secret of my IAM user.



aws eks update-kubeconfig --name wr-eks-cluster worked fine, but:



kubectl get svc
error: the server doesn't have a resource type "svc"


I continued anyway, creating my worker nodes stack, and now I'm at a dead-end with:



kubectl apply -f aws-auth-cm.yaml
error: You must be logged in to the server (the server has asked for the client to provide credentials)


aws-iam-authenticator token -i <my cluster name> seems to work fine.



The thing I seem to be missing is that when you create the cluster you specify an IAM role, but when you create the user (according to the guide) you attach a policy. How is my user supposed to have access to this cluster?



Or ultimately, how do I proceed and gain access to my cluster using kubectl?










share|improve this question























  • I suspect you need to apply the auth config as the account that created the cluster in the first place.
    – Oliver Charlesworth
    Nov 12 '18 at 17:12










  • How do I get auth details of "the account that created the cluster", when I used the web interface to create the cluster (which only lets you specify an IAM role, not a user)? I just have my account that I log in to AWS with, 1 IAM user that I'm currently trying and failing to use, and 1 IAM role, as per the guide.
    – sbs
    Nov 13 '18 at 9:29













0












0








0







Starting from a ~empty AWS account, I am trying to follow https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html



So that meant I created a VPS stack, then installed aws-iam-authenticator, awscli and kubectl, then created an IAM user with Programmatic access and AmazonEKSAdminPolicy directly
attached.



Then I used the website to create my EKS cluster and used aws configure to set the access key and secret of my IAM user.



aws eks update-kubeconfig --name wr-eks-cluster worked fine, but:



kubectl get svc
error: the server doesn't have a resource type "svc"


I continued anyway, creating my worker nodes stack, and now I'm at a dead-end with:



kubectl apply -f aws-auth-cm.yaml
error: You must be logged in to the server (the server has asked for the client to provide credentials)


aws-iam-authenticator token -i <my cluster name> seems to work fine.



The thing I seem to be missing is that when you create the cluster you specify an IAM role, but when you create the user (according to the guide) you attach a policy. How is my user supposed to have access to this cluster?



Or ultimately, how do I proceed and gain access to my cluster using kubectl?










share|improve this question















Starting from a ~empty AWS account, I am trying to follow https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html



So that meant I created a VPS stack, then installed aws-iam-authenticator, awscli and kubectl, then created an IAM user with Programmatic access and AmazonEKSAdminPolicy directly
attached.



Then I used the website to create my EKS cluster and used aws configure to set the access key and secret of my IAM user.



aws eks update-kubeconfig --name wr-eks-cluster worked fine, but:



kubectl get svc
error: the server doesn't have a resource type "svc"


I continued anyway, creating my worker nodes stack, and now I'm at a dead-end with:



kubectl apply -f aws-auth-cm.yaml
error: You must be logged in to the server (the server has asked for the client to provide credentials)


aws-iam-authenticator token -i <my cluster name> seems to work fine.



The thing I seem to be missing is that when you create the cluster you specify an IAM role, but when you create the user (according to the guide) you attach a policy. How is my user supposed to have access to this cluster?



Or ultimately, how do I proceed and gain access to my cluster using kubectl?







amazon-web-services kubernetes kubectl amazon-eks






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 12 '18 at 19:26









Rico

26.2k94864




26.2k94864










asked Nov 12 '18 at 17:09









sbs

19719




19719











  • I suspect you need to apply the auth config as the account that created the cluster in the first place.
    – Oliver Charlesworth
    Nov 12 '18 at 17:12










  • How do I get auth details of "the account that created the cluster", when I used the web interface to create the cluster (which only lets you specify an IAM role, not a user)? I just have my account that I log in to AWS with, 1 IAM user that I'm currently trying and failing to use, and 1 IAM role, as per the guide.
    – sbs
    Nov 13 '18 at 9:29
















  • I suspect you need to apply the auth config as the account that created the cluster in the first place.
    – Oliver Charlesworth
    Nov 12 '18 at 17:12










  • How do I get auth details of "the account that created the cluster", when I used the web interface to create the cluster (which only lets you specify an IAM role, not a user)? I just have my account that I log in to AWS with, 1 IAM user that I'm currently trying and failing to use, and 1 IAM role, as per the guide.
    – sbs
    Nov 13 '18 at 9:29















I suspect you need to apply the auth config as the account that created the cluster in the first place.
– Oliver Charlesworth
Nov 12 '18 at 17:12




I suspect you need to apply the auth config as the account that created the cluster in the first place.
– Oliver Charlesworth
Nov 12 '18 at 17:12












How do I get auth details of "the account that created the cluster", when I used the web interface to create the cluster (which only lets you specify an IAM role, not a user)? I just have my account that I log in to AWS with, 1 IAM user that I'm currently trying and failing to use, and 1 IAM role, as per the guide.
– sbs
Nov 13 '18 at 9:29




How do I get auth details of "the account that created the cluster", when I used the web interface to create the cluster (which only lets you specify an IAM role, not a user)? I just have my account that I log in to AWS with, 1 IAM user that I'm currently trying and failing to use, and 1 IAM role, as per the guide.
– sbs
Nov 13 '18 at 9:29












1 Answer
1






active

oldest

votes


















5














  1. As mentioned in docs, the AWS IAM user created EKS cluster automatically receives system:master permissions, and it's enough to get kubectl working. You need to use this user credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to access the cluster. In case you didn't create a specific IAM user to create a cluster, then you probably created it using root AWS account. In this case, you can use root user credentials (Creating Access Keys for the Root User).

  2. The main magic is inside aws-auth ConfigMap in your cluster – it contains IAM entities -> kubernetes ServiceAccount mapping.

I'm not sure about how do you pass credentials for the aws-iam-authenticator:



  • If you have ~/.aws/credentials with aws_profile_of_eks_iam_creator then you can try $ AWS_PROFILE=aws_profile_of_eks_iam_creator kubectl get all --all-namespaces

  • Also, you can use environment variables $ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=YYY AWS_DEFAULT_REGION=your-region-1 kubectl get all --all-namespaces

Both of them should work, because kubectl ... will use generated ~/.kube/config that contains aws-iam-authenticator token -i cluster_name command. aws-iam-authenticator uses environment variables or ~/.aws/credentials to give you a token.



Also, this answer may be useful for the understanding of the first EKS user creation.






share|improve this answer






















  • As I noted as the thing that confuses me, an IAM user did not create the EKS cluster. I used the web interface to create it, and that only asked for an IAM role. I used aws configure to set my access key, secret and default region, after which my ~/.aws/credentials has a single [default] block with the access and secret.
    – sbs
    Nov 13 '18 at 9:26










  • During the EKS creation (even from the web interface) you specify service role ARN – this is a role that will be used internally by EKS and you don't need to pay a lot of attention on this role right now. When you created the EKS through web interface you was logged in as some IAM AWS user, right? Try to use that user credentials to obtain the EKS access.
    – Ivan Kalita
    Nov 13 '18 at 15:41










  • I don't think I know how to log in as an IAM user. I mean, I have to log in as "me", and then I created my first IAM user as part of following the guide. So I wasn't an IAM user to start with. What is the correct way to log in AWS website as an IAM user?
    – sbs
    Nov 13 '18 at 15:49











  • You logged in as a root user (I guess). Please try "Creating Access Keys for the Root User" of this manual docs.aws.amazon.com/en_us/IAM/latest/UserGuide/… to get your root user AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Then, please, try to use these credentials to get access to the cluster. Also, using root account is not the best practice, so I'll suggest you to: get root credentials, get access to kubectl, create new IAM user, add this user to the aws-auth configmap inside the cluster and then deactivate root user credentials :)
    – Ivan Kalita
    Nov 13 '18 at 15:53










  • Thanks, yes, using root user access keys gives me access. If you note the root user issue in your answer, I can accept it.
    – sbs
    Nov 14 '18 at 16:33










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53266960%2fhow-do-you-get-kubectl-to-log-in-to-an-aws-eks-cluster%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









5














  1. As mentioned in docs, the AWS IAM user created EKS cluster automatically receives system:master permissions, and it's enough to get kubectl working. You need to use this user credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to access the cluster. In case you didn't create a specific IAM user to create a cluster, then you probably created it using root AWS account. In this case, you can use root user credentials (Creating Access Keys for the Root User).

  2. The main magic is inside aws-auth ConfigMap in your cluster – it contains IAM entities -> kubernetes ServiceAccount mapping.

I'm not sure about how do you pass credentials for the aws-iam-authenticator:



  • If you have ~/.aws/credentials with aws_profile_of_eks_iam_creator then you can try $ AWS_PROFILE=aws_profile_of_eks_iam_creator kubectl get all --all-namespaces

  • Also, you can use environment variables $ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=YYY AWS_DEFAULT_REGION=your-region-1 kubectl get all --all-namespaces

Both of them should work, because kubectl ... will use generated ~/.kube/config that contains aws-iam-authenticator token -i cluster_name command. aws-iam-authenticator uses environment variables or ~/.aws/credentials to give you a token.



Also, this answer may be useful for the understanding of the first EKS user creation.






share|improve this answer






















  • As I noted as the thing that confuses me, an IAM user did not create the EKS cluster. I used the web interface to create it, and that only asked for an IAM role. I used aws configure to set my access key, secret and default region, after which my ~/.aws/credentials has a single [default] block with the access and secret.
    – sbs
    Nov 13 '18 at 9:26










  • During the EKS creation (even from the web interface) you specify service role ARN – this is a role that will be used internally by EKS and you don't need to pay a lot of attention on this role right now. When you created the EKS through web interface you was logged in as some IAM AWS user, right? Try to use that user credentials to obtain the EKS access.
    – Ivan Kalita
    Nov 13 '18 at 15:41










  • I don't think I know how to log in as an IAM user. I mean, I have to log in as "me", and then I created my first IAM user as part of following the guide. So I wasn't an IAM user to start with. What is the correct way to log in AWS website as an IAM user?
    – sbs
    Nov 13 '18 at 15:49











  • You logged in as a root user (I guess). Please try "Creating Access Keys for the Root User" of this manual docs.aws.amazon.com/en_us/IAM/latest/UserGuide/… to get your root user AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Then, please, try to use these credentials to get access to the cluster. Also, using root account is not the best practice, so I'll suggest you to: get root credentials, get access to kubectl, create new IAM user, add this user to the aws-auth configmap inside the cluster and then deactivate root user credentials :)
    – Ivan Kalita
    Nov 13 '18 at 15:53










  • Thanks, yes, using root user access keys gives me access. If you note the root user issue in your answer, I can accept it.
    – sbs
    Nov 14 '18 at 16:33















5














  1. As mentioned in docs, the AWS IAM user created EKS cluster automatically receives system:master permissions, and it's enough to get kubectl working. You need to use this user credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to access the cluster. In case you didn't create a specific IAM user to create a cluster, then you probably created it using root AWS account. In this case, you can use root user credentials (Creating Access Keys for the Root User).

  2. The main magic is inside aws-auth ConfigMap in your cluster – it contains IAM entities -> kubernetes ServiceAccount mapping.

I'm not sure about how do you pass credentials for the aws-iam-authenticator:



  • If you have ~/.aws/credentials with aws_profile_of_eks_iam_creator then you can try $ AWS_PROFILE=aws_profile_of_eks_iam_creator kubectl get all --all-namespaces

  • Also, you can use environment variables $ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=YYY AWS_DEFAULT_REGION=your-region-1 kubectl get all --all-namespaces

Both of them should work, because kubectl ... will use generated ~/.kube/config that contains aws-iam-authenticator token -i cluster_name command. aws-iam-authenticator uses environment variables or ~/.aws/credentials to give you a token.



Also, this answer may be useful for the understanding of the first EKS user creation.






share|improve this answer






















  • As I noted as the thing that confuses me, an IAM user did not create the EKS cluster. I used the web interface to create it, and that only asked for an IAM role. I used aws configure to set my access key, secret and default region, after which my ~/.aws/credentials has a single [default] block with the access and secret.
    – sbs
    Nov 13 '18 at 9:26










  • During the EKS creation (even from the web interface) you specify service role ARN – this is a role that will be used internally by EKS and you don't need to pay a lot of attention on this role right now. When you created the EKS through web interface you was logged in as some IAM AWS user, right? Try to use that user credentials to obtain the EKS access.
    – Ivan Kalita
    Nov 13 '18 at 15:41










  • I don't think I know how to log in as an IAM user. I mean, I have to log in as "me", and then I created my first IAM user as part of following the guide. So I wasn't an IAM user to start with. What is the correct way to log in AWS website as an IAM user?
    – sbs
    Nov 13 '18 at 15:49











  • You logged in as a root user (I guess). Please try "Creating Access Keys for the Root User" of this manual docs.aws.amazon.com/en_us/IAM/latest/UserGuide/… to get your root user AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Then, please, try to use these credentials to get access to the cluster. Also, using root account is not the best practice, so I'll suggest you to: get root credentials, get access to kubectl, create new IAM user, add this user to the aws-auth configmap inside the cluster and then deactivate root user credentials :)
    – Ivan Kalita
    Nov 13 '18 at 15:53










  • Thanks, yes, using root user access keys gives me access. If you note the root user issue in your answer, I can accept it.
    – sbs
    Nov 14 '18 at 16:33













5












5








5






  1. As mentioned in docs, the AWS IAM user created EKS cluster automatically receives system:master permissions, and it's enough to get kubectl working. You need to use this user credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to access the cluster. In case you didn't create a specific IAM user to create a cluster, then you probably created it using root AWS account. In this case, you can use root user credentials (Creating Access Keys for the Root User).

  2. The main magic is inside aws-auth ConfigMap in your cluster – it contains IAM entities -> kubernetes ServiceAccount mapping.

I'm not sure about how do you pass credentials for the aws-iam-authenticator:



  • If you have ~/.aws/credentials with aws_profile_of_eks_iam_creator then you can try $ AWS_PROFILE=aws_profile_of_eks_iam_creator kubectl get all --all-namespaces

  • Also, you can use environment variables $ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=YYY AWS_DEFAULT_REGION=your-region-1 kubectl get all --all-namespaces

Both of them should work, because kubectl ... will use generated ~/.kube/config that contains aws-iam-authenticator token -i cluster_name command. aws-iam-authenticator uses environment variables or ~/.aws/credentials to give you a token.



Also, this answer may be useful for the understanding of the first EKS user creation.






share|improve this answer














  1. As mentioned in docs, the AWS IAM user created EKS cluster automatically receives system:master permissions, and it's enough to get kubectl working. You need to use this user credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) to access the cluster. In case you didn't create a specific IAM user to create a cluster, then you probably created it using root AWS account. In this case, you can use root user credentials (Creating Access Keys for the Root User).

  2. The main magic is inside aws-auth ConfigMap in your cluster – it contains IAM entities -> kubernetes ServiceAccount mapping.

I'm not sure about how do you pass credentials for the aws-iam-authenticator:



  • If you have ~/.aws/credentials with aws_profile_of_eks_iam_creator then you can try $ AWS_PROFILE=aws_profile_of_eks_iam_creator kubectl get all --all-namespaces

  • Also, you can use environment variables $ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=YYY AWS_DEFAULT_REGION=your-region-1 kubectl get all --all-namespaces

Both of them should work, because kubectl ... will use generated ~/.kube/config that contains aws-iam-authenticator token -i cluster_name command. aws-iam-authenticator uses environment variables or ~/.aws/credentials to give you a token.



Also, this answer may be useful for the understanding of the first EKS user creation.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 14 '18 at 17:49

























answered Nov 12 '18 at 19:37









Ivan Kalita

1,277826




1,277826











  • As I noted as the thing that confuses me, an IAM user did not create the EKS cluster. I used the web interface to create it, and that only asked for an IAM role. I used aws configure to set my access key, secret and default region, after which my ~/.aws/credentials has a single [default] block with the access and secret.
    – sbs
    Nov 13 '18 at 9:26










  • During the EKS creation (even from the web interface) you specify service role ARN – this is a role that will be used internally by EKS and you don't need to pay a lot of attention on this role right now. When you created the EKS through web interface you was logged in as some IAM AWS user, right? Try to use that user credentials to obtain the EKS access.
    – Ivan Kalita
    Nov 13 '18 at 15:41










  • I don't think I know how to log in as an IAM user. I mean, I have to log in as "me", and then I created my first IAM user as part of following the guide. So I wasn't an IAM user to start with. What is the correct way to log in AWS website as an IAM user?
    – sbs
    Nov 13 '18 at 15:49











  • You logged in as a root user (I guess). Please try "Creating Access Keys for the Root User" of this manual docs.aws.amazon.com/en_us/IAM/latest/UserGuide/… to get your root user AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Then, please, try to use these credentials to get access to the cluster. Also, using root account is not the best practice, so I'll suggest you to: get root credentials, get access to kubectl, create new IAM user, add this user to the aws-auth configmap inside the cluster and then deactivate root user credentials :)
    – Ivan Kalita
    Nov 13 '18 at 15:53










  • Thanks, yes, using root user access keys gives me access. If you note the root user issue in your answer, I can accept it.
    – sbs
    Nov 14 '18 at 16:33
















  • As I noted as the thing that confuses me, an IAM user did not create the EKS cluster. I used the web interface to create it, and that only asked for an IAM role. I used aws configure to set my access key, secret and default region, after which my ~/.aws/credentials has a single [default] block with the access and secret.
    – sbs
    Nov 13 '18 at 9:26










  • During the EKS creation (even from the web interface) you specify service role ARN – this is a role that will be used internally by EKS and you don't need to pay a lot of attention on this role right now. When you created the EKS through web interface you was logged in as some IAM AWS user, right? Try to use that user credentials to obtain the EKS access.
    – Ivan Kalita
    Nov 13 '18 at 15:41










  • I don't think I know how to log in as an IAM user. I mean, I have to log in as "me", and then I created my first IAM user as part of following the guide. So I wasn't an IAM user to start with. What is the correct way to log in AWS website as an IAM user?
    – sbs
    Nov 13 '18 at 15:49











  • You logged in as a root user (I guess). Please try "Creating Access Keys for the Root User" of this manual docs.aws.amazon.com/en_us/IAM/latest/UserGuide/… to get your root user AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Then, please, try to use these credentials to get access to the cluster. Also, using root account is not the best practice, so I'll suggest you to: get root credentials, get access to kubectl, create new IAM user, add this user to the aws-auth configmap inside the cluster and then deactivate root user credentials :)
    – Ivan Kalita
    Nov 13 '18 at 15:53










  • Thanks, yes, using root user access keys gives me access. If you note the root user issue in your answer, I can accept it.
    – sbs
    Nov 14 '18 at 16:33















As I noted as the thing that confuses me, an IAM user did not create the EKS cluster. I used the web interface to create it, and that only asked for an IAM role. I used aws configure to set my access key, secret and default region, after which my ~/.aws/credentials has a single [default] block with the access and secret.
– sbs
Nov 13 '18 at 9:26




As I noted as the thing that confuses me, an IAM user did not create the EKS cluster. I used the web interface to create it, and that only asked for an IAM role. I used aws configure to set my access key, secret and default region, after which my ~/.aws/credentials has a single [default] block with the access and secret.
– sbs
Nov 13 '18 at 9:26












During the EKS creation (even from the web interface) you specify service role ARN – this is a role that will be used internally by EKS and you don't need to pay a lot of attention on this role right now. When you created the EKS through web interface you was logged in as some IAM AWS user, right? Try to use that user credentials to obtain the EKS access.
– Ivan Kalita
Nov 13 '18 at 15:41




During the EKS creation (even from the web interface) you specify service role ARN – this is a role that will be used internally by EKS and you don't need to pay a lot of attention on this role right now. When you created the EKS through web interface you was logged in as some IAM AWS user, right? Try to use that user credentials to obtain the EKS access.
– Ivan Kalita
Nov 13 '18 at 15:41












I don't think I know how to log in as an IAM user. I mean, I have to log in as "me", and then I created my first IAM user as part of following the guide. So I wasn't an IAM user to start with. What is the correct way to log in AWS website as an IAM user?
– sbs
Nov 13 '18 at 15:49





I don't think I know how to log in as an IAM user. I mean, I have to log in as "me", and then I created my first IAM user as part of following the guide. So I wasn't an IAM user to start with. What is the correct way to log in AWS website as an IAM user?
– sbs
Nov 13 '18 at 15:49













You logged in as a root user (I guess). Please try "Creating Access Keys for the Root User" of this manual docs.aws.amazon.com/en_us/IAM/latest/UserGuide/… to get your root user AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Then, please, try to use these credentials to get access to the cluster. Also, using root account is not the best practice, so I'll suggest you to: get root credentials, get access to kubectl, create new IAM user, add this user to the aws-auth configmap inside the cluster and then deactivate root user credentials :)
– Ivan Kalita
Nov 13 '18 at 15:53




You logged in as a root user (I guess). Please try "Creating Access Keys for the Root User" of this manual docs.aws.amazon.com/en_us/IAM/latest/UserGuide/… to get your root user AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Then, please, try to use these credentials to get access to the cluster. Also, using root account is not the best practice, so I'll suggest you to: get root credentials, get access to kubectl, create new IAM user, add this user to the aws-auth configmap inside the cluster and then deactivate root user credentials :)
– Ivan Kalita
Nov 13 '18 at 15:53












Thanks, yes, using root user access keys gives me access. If you note the root user issue in your answer, I can accept it.
– sbs
Nov 14 '18 at 16:33




Thanks, yes, using root user access keys gives me access. If you note the root user issue in your answer, I can accept it.
– sbs
Nov 14 '18 at 16:33

















draft saved

draft discarded
















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53266960%2fhow-do-you-get-kubectl-to-log-in-to-an-aws-eks-cluster%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







這個網誌中的熱門文章

How to read a connectionString WITH PROVIDER in .NET Core?

Node.js Script on GitHub Pages or Amazon S3

Museum of Modern and Contemporary Art of Trento and Rovereto