Open joebowbeer opened 7 months ago
Hi @joebowbeer!
We are working on updating the Control Plane and Detective sections with content regarding Cluster Access Manager.
For the IAM section, since the aws-auth is not discontinued yet, we need to keep the documentation for it. As soon as it is not supported anymore, we can remove it. Same for the official Docs.
@rodrigobersa good to hear.
Here are some basic corrections to IAM docs in their current form
That's nice! Thanks for bringing those up @joebowbeer!
@rodrigobersa I think some of the above has been addressed. (Cool!)
Remaining content to update:
These pages only mention aws-auth, e.g.,
The detective page mentions logging changes to aws-auth and does not include instructions for logging changes to access entries, which I assume would be advisable.
New: I recommend mentioning mkat as a way to verify that IMDSv2 is not accessible from pods.
Describe the problem
The aws-auth configmap documentation needs an update, now that the Cluster Access Manager API has been added and is the preferred way to manage access of AWS IAM principals to Amazon EKS clusters.
Content to update:
The new Cluster Access Manager is mentioned in iam.md but there is a lot of old and possibly obsolete information preceding it. Suggestion: Move the aws-auth paragraph to the bottom and add a disclaimer.
The User Guide can also use an update. A lot of docs point to the following, which is now essentially obsolete:
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html#aws-auth-configmap
Users should be directed to the following instead?
https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html