Amazon EKS Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Line 47: Line 47:


==EKS IAM Permissions==
==EKS IAM Permissions==
These are technically "[[Amazon_AWS_Security_Concepts#Action|actions]]", but they are commonly referred to as "[[Amazon_AWS_Security_Concepts#Permission|permissions]]", which implies that the action is part of a formal permission construct associated with the entity requiring it.
* eks:DescribeCluster
* eks:DescribeCluster
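Review bot: The added sentence opens with "These" and ends with "the entity requiring it", but the section never says what the listed actions are needed for or which entity needs them. Suggest adding a short lead-in before the list that names the operation or principal requiring eks:DescribeCluster, and placing the action-versus-permission terminology note after it, so the list reads as a scoped set of required actions rather than an unexplained one.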

Revision as of 20:46, 12 June 2020

Internal

Overview

EKS Cluster

Control Plane

Managed Worker Node Group

Node Group Name

EKS Worker Node

Cluster Service Role

Cluster Autoscaler

Cluster Endpoint

AWS Infrastructure Requirements

  • VPC
  • subnets
  • security groups. A dedicated security group for each cluster control plane is recommended.
  • Topology diagram

Integration with ECR

Logging

SLA

https://aws.amazon.com/eks/sla/

aws-iam-authenticator

Page 17.

aws-iam-authenticator Operations

aws-iam-authenticator

.kube/config Configuration

AWS documentation refers to the Kubernetes configuration file as "kubeconfig".

.kube/config

EKS Security

EKS IAM Permissions

These are technically "actions", but they are commonly referred to as "permissions", which implies that the action is part of a formal permission construct associated with the entity requiring it.

  • eks:DescribeCluster