ruimarinho / gsts

Obtain and store AWS STS credentials to interact with Amazon services by authenticating via G Suite SAML.
MIT License

EKS authentication is not working. #88

Closed thestrid3r closed 11 months ago

thestrid3r commented 1 year ago

After updating to the latest version, any users have access to multiple AWS accounts, and after updating the config file as per the latest changes, EKS is looking for auth credentials in the ~/.aws/credentials directory, which doesn't have any entry, and if we create the same entry it's showing as a circular dependency.

faisalshah21 commented 1 year ago

Facing the same issue.

bebosudo commented 11 months ago

Got it to work by using a trick, see https://github.com/ruimarinho/gsts/issues/83#issuecomment-1653591082

ruimarinho commented 11 months ago

~/.aws/credentials is supposed to be empty with gsts@v5. It's a feature because aws cli becomes responsible for managing that via the credentials_process helper.

There could be a bug (maybe #83) but it's certainly not due to this behavior. Make sure your kubeconfig is updated to the following:

- name: arn:aws:eks:<region>:12345789:cluster/foobar
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1
      args:
      - eks
      - get-token
      - --region
      - <region>
      - --cluster-name
      - foobar
      command: aws

Under the hood, this calls aws eks get-token --region <region> --cluster-name foobar which must work regardless of this kubeconfig. This process calls gsts in the background, taking care of the re-authentication (if needed).