
saml2aws as credential plugin for eks cluster

Open d-kononov opened this issue 3 years ago • 4 comments

Ability to use saml2aws binary file as credential plugin for EKS cluster

d-kononov avatar Sep 21 '22 11:09 d-kononov

Have you thought of using the aws-iam-authenticator and use the aws cli with credential process to auth seamlessly?

```yaml
- name: myCluster
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - eks
      - get-token
      - --cluster-name
      - mycluster
      - --profile
      - mycluster
      - --region
      - us-east-1
      command: aws
      env: null
```

sledigabel avatar Sep 21 '22 12:09 sledigabel

@sledigabel it should work if you store users in AWS and provide AWS keys to each of the users.

But it will not work if you use Keycloak (as an example) as the identity provider.

This feature allows you to use the IdP to create an AWS session and allows the user to connect to the EKS cluster.

d-kononov avatar Sep 21 '22 12:09 d-kononov

@d-kononov we use ADFS as IdP, backed by Azure. We do not use AWS IAM Users at all. You get a role in the end which you can use to auth in EKS with RoleBinding.

sledigabel avatar Sep 21 '22 13:09 sledigabel
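
The AWS CLI `credential_process` mechanism mentioned in this thread expects the helper to print a JSON document with `Version`, `AccessKeyId`, `SecretAccessKey`, `SessionToken` and `Expiration`. The following is an added example, not code from the thread or from the saml2aws project: a Python check that such output is a temporary role session rather than long-lived IAM user keys. The function name and all sample values are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample outputs; every value is a fake placeholder.
NOW = datetime(2022, 9, 21, 13, 9, tzinfo=timezone.utc)
SAMPLE_ROLE_SESSION = json.dumps({
    "Version": 1, "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret", "SessionToken": "constructed-token",
    "Expiration": "2022-09-21T14:09:00Z"})
SAMPLE_USER_KEY = json.dumps({
    "Version": 1, "AccessKeyId": "AKIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret"})

def audit_credential_process(raw, now=None, min_left=timedelta(minutes=5)):
    """Return a list of findings for one credential_process JSON document."""
    now = now or datetime.now(timezone.utc)
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    findings = []
    if doc.get("Version") != 1:
        findings.append("Version must be 1")
    for field in ("AccessKeyId", "SecretAccessKey"):
        if not isinstance(doc.get(field), str) or not doc[field]:
            findings.append(f"{field} missing or empty")
    # Federated role sessions carry a session token and an ASIA key id;
    # an AKIA key id with no token is a long-lived IAM user key.
    if not doc.get("SessionToken"):
        findings.append("no SessionToken: not a temporary role session")
    if str(doc.get("AccessKeyId", "")).startswith("AKIA"):
        findings.append("AccessKeyId has long-term (AKIA) prefix")
    expiration = doc.get("Expiration")
    if not expiration:
        findings.append("no Expiration: credentials treated as non-expiring")
    else:
        try:
            expires = datetime.fromisoformat(str(expiration).replace("Z", "+00:00"))
        except ValueError:
            findings.append("Expiration is not an ISO 8601 timestamp")
        else:
            if expires.tzinfo is None:
                findings.append("Expiration has no timezone")
            elif expires - now < min_left:
                findings.append("credentials expired or about to expire")
    return findings
```

An empty list means the helper's output looks like a federated role session with enough lifetime left to be used by `aws eks get-token`.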

@d-kononov Are you still interested in this? If yes, please fix conflicts so we can merge.

mapkon avatar Apr 24 '24 05:04 mapkon