aws / containers-roadmap

This is the public roadmap for AWS container services (ECS, ECR, Fargate, and EKS).
https://aws.amazon.com/about-aws/whats-new/containers/

[EKS] [request]: Ability to create custom EKS access policies #2411

Open kpanic9 opened 2 months ago

kpanic9 commented 2 months ago

Tell us about your request

We have recently started using the EKS access entries for allowing IAM entities to access the EKS cluster control plane. But at the moment there are only a few predefined access policies we can use. We would like to have the ability to create custom access policies.

Which service(s) is this request for?

EKS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

We are a platform team building EKS clusters for application teams. When we provision an EKS cluster, we would like to provide controlled access (beyond what's available in predefined access policies, e.g. to a specific namespace and to a specific set of resources) to the dev teams using the cluster at the time of provisioning the clusters. The current solution we use has the necessary configurations in a few places and is done in different stages. It would be great if we could provision dev team access while provisioning the clusters.

Are you currently working around this issue? How are you currently solving this problem?

At the moment we are solving this problem by creating K8s RBAC resources and assigning k8s group names to IAM entities using access entries.

tkimble-cafeyn commented 1 month ago

Would love to see this feature as well

seifrajhi commented 1 month ago

I’d love to see this capability added as well!!

janquijano commented 1 month ago

This would be amazing to have. Pretty please.

nv30 commented 1 month ago

We really miss this feature.

atheiman commented 3 days ago

This could also be a solution to the limitation of the existing access policies which do not include escalate and bind verbs. Because of this, no access policy other than AmazonEKSClusterAdminPolicy is capable of creating (Cluster)Roles / (Cluster)RoleBindings.
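
The two-stage workaround described in the opening post, written out as an added example that is not part of the thread or of any AWS-provided configuration: a namespaced Role and RoleBinding bound to a Kubernetes group, then an access entry that maps an IAM role to that group. The namespace `team-a`, group `team-a-devs`, cluster `demo-cluster`, account ID `111122223333` and IAM role `team-a-dev` are constructed placeholders.

```yaml
# Stage 1 (Kubernetes API): least-privilege access for one team in one namespace.
# All names below are constructed placeholders, not values from the thread.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-dev
  namespace: team-a
rules:
  # Only the resource kinds the team needs, only inside this namespace.
  - apiGroups: ["", "apps"]
    resources: ["pods", "services", "configmaps", "deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
  # Deliberately no rule on roles/rolebindings and no escalate/bind verbs:
  # members of this group cannot widen their own permissions.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-dev
  namespace: team-a
subjects:
  # The group name is the only link between this binding and the access entry.
  - kind: Group
    name: team-a-devs
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team-a-dev
  apiGroup: rbac.authorization.k8s.io
# Stage 2 (EKS API): map the IAM principal to the group, with no access
# policy associated, so authorization comes only from the RBAC objects above.
#
#   aws eks create-access-entry \
#     --cluster-name demo-cluster \
#     --principal-arn arn:aws:iam::111122223333:role/team-a-dev \
#     --kubernetes-groups team-a-devs
```

The manifest is applied through the Kubernetes API and the access entry through the EKS API, which is the split across places and stages that the request describes.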