Update aws-auth configmap documentation #463

Open
joebowbeer opened this issue Jan 25, 2024 · 4 comments
Labels
correction Data is inaccurate

Comments

@joebowbeer
Contributor

joebowbeer commented Jan 25, 2024

Describe the problem
The aws-auth configmap documentation needs an update, now that the Cluster Access Manager API has been added and is the preferred way to manage access of AWS IAM principals to Amazon EKS clusters.

Content to update:

The new Cluster Access Manager is mentioned in iam.md but there is a lot of old and possibly obsolete information preceding it. Suggestion: Move the aws-auth paragraph to the bottom and add a disclaimer.

The User Guide can also use an update. A lot of docs point to the following, which is now essentially obsolete:

https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html#aws-auth-configmap

Users should be directed to the following instead?

https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html

References

@rodrigobersa
Contributor

rodrigobersa commented Jan 30, 2024

Hi @joebowbeer!

We are working on updating the Control Plane and Detective sections with content regarding Cluster Access Manager.

For the IAM section, since the aws-auth is not discontinued yet, we need to keep the documentation for it. As soon as it is not supported anymore, we can remove it. Same for the official Docs.

@joebowbeer
Contributor Author

joebowbeer commented Jan 30, 2024

@rodrigobersa good to hear.

Here are some basic corrections to IAM docs in their current form

#464

@rodrigobersa
Contributor

That's nice! Thanks for bringing those up @joebowbeer!

@joebowbeer
Contributor Author

joebowbeer commented Jul 12, 2024

@rodrigobersa I think some of the above has been addressed. (Cool!)

Remaining content to update:

These pages only mention aws-auth, e.g.,

https://github.com/aws/aws-eks-best-practices/blob/master/content/reliability/docs/controlplane.md#cluster-authentication

The detective page mentions logging changes to aws-auth and does not include instructions for logging changes to access entries, which I assume would be advisable.

New: I recommend mentioning mkat as a way to verify that IMDSv2 is not accessible from pods.
