Commit

Merge pull request #669 from arcegacardenas/aws-iam-console-access2
Aws iam console access2
niallthomson authored Sep 25, 2023
2 parents 025f1c5 + 4fa4a62 commit 76b3410
Showing 2 changed files with 15 additions and 2 deletions.
8 changes: 7 additions & 1 deletion lab/bin/use-cluster
Expand Up @@ -35,4 +35,10 @@ EKS_IP_FAMILY=ipv4
set +a
EOT

aws eks update-kubeconfig --name $cluster_name > /dev/null
aws eks update-kubeconfig --name $cluster_name > /dev/null 2>&1

if [[ -v C9_USER ]]; then
echo "Granting C9_USER access to the cluster via the AWS Console ${C9_USER}"
eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:user/${C9_USER} --username console-iam-user --group system:masters --no-duplicate-arns -d > /dev/null 2>&1
eksctl create iamidentitymapping --cluster $cluster_name --arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/${C9_USER} --username console-iam-role --group system:masters --no-duplicate-arns -d > /dev/null 2>&1
fi
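
Review bot: Both `eksctl create iamidentitymapping` calls in the new `if [[ -v C9_USER ]]` block bind the principal to `--group system:masters`, which is unrestricted cluster-admin, while the echoed purpose is only console access. The docs change in this same commit describes a dedicated ClusterRole and ClusterRoleBinding for the console view, so the mapping should target the group that binding grants to rather than `system:masters`. The same `${C9_USER}` value is also used as both a `user/` and a `role/` ARN with all output sent to `/dev/null 2>&1`, so at least one mapping points at a principal that may not exist and any failure is silent; determine the principal type first and let errors reach the terminal or a log. Finally, `-v` is true for a variable that is set but empty, which would build an ARN ending in `user/`; `[[ -n "${C9_USER:-}" ]]` avoids that, and `$cluster_name` should be quoted.
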
9 changes: 8 additions & 1 deletion website/docs/observability/resource-view/index.md
Expand Up @@ -11,10 +11,17 @@ Prepare your environment for this section:
$ prepare-environment
```

This will make the following changes to your lab environment:
- Creates an additional kubernetes ClusterRole with the name "eks-console-dashboard-full-access-clusterrole"
- Creates a Kubernetes ClusterRoleBinding with the name "eks-console-dashboard-full-access-binding"
- Mapps the Cloud9 IAM User/ Role to the ClusterRoleBinding ad RBAC group, to grant access the AWS console to view Kubernetes resources.

You can view the Terraform that applies these changes [here](https://github.com/VAR::MANIFESTS_OWNER/VAR::MANIFESTS_REPOSITORY/tree/VAR::MANIFESTS_REF/manifests/modules/observability/base/.workshop/terraform).

:::

In this lab, we'll view all Kubernetes API resource types using the AWS Management Console for Amazon EKS. You will be able to view and explore all standard Kubernetes API resource types such as configuration, authorization resources, policy resources, service resources and more. [Kubernetes resource view](https://docs.aws.amazon.com/eks/latest/userguide/view-kubernetes-resources.html) is supported for all Kubernetes clusters hosted by Amazon EKS. You can use [Amazon EKS Connector](https://docs.aws.amazon.com/eks/latest/userguide/eks-connector.html) to register and connect any conformant Kubernetes cluster to AWS and visualize it in the Amazon EKS console.

We'll be viewing the resources created by the sample application. Note that you’ll only see resources that you have [RBAC permissions](https://docs.aws.amazon.com/eks/latest/userguide/view-kubernetes-resources.html#view-kubernetes-resources-permissions) to access.
We'll be viewing the resources created by the sample application. Note that you’ll only see resources that you have [RBAC permissions](https://docs.aws.amazon.com/eks/latest/userguide/view-kubernetes-resources.html#view-kubernetes-resources-permissions) to access, which were created during the environment preparation.

![Insights](/img/resource-view/eks-overview.jpg)
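
Review bot: The third added bullet ("Mapps the Cloud9 IAM User/ Role to the ClusterRoleBinding ad RBAC group, to grant access the AWS console ...") has typos and does not match what `lab/bin/use-cluster` does in this commit, where the IAM user and role are mapped to `system:masters`. Suggest rewording to something like "Maps the Cloud9 IAM user/role to the RBAC group used by the ClusterRoleBinding, granting the AWS console access to view Kubernetes resources", and either aligning the script with it or documenting that the identity receives `system:masters`. Also capitalize "Kubernetes" in the first bullet, and in the changed sentence make clear that "which were created during the environment preparation" refers to the RBAC permissions and not to the sample application's resources.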
