How to enable kubectl in an EKS cluster which does have permission to assume the role through which it was created? - amazon-ec2

I need to access an EKS cluster through an EC2 instance sitting in the same VPC in which the EKS cluster is created, and we do not have a secret key available for that role.
I have tried creating roles with all admin permissions and assigning that role to EC2 instances, and tried to access it through Systems Manager, but I was not able to authenticate to the EKS cluster. By default I am using the EC2privateDNSconfig role which is there in AWSAuth.
Can I create a user, assign a role, add it to AWSAuthConfig and then access the EKS cluster?
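As an added illustration (not part of the question or of any answer on this page), the mechanism the question is circling around is the aws-auth ConfigMap in kube-system: EKS maps IAM principals to Kubernetes users and groups there, and an EC2 instance authenticates with the credentials of its instance profile role, so no access key or secret key is needed. The account ID, role names and the eks-operators group below are placeholders; the first mapRoles entry is the usual worker-node mapping that already exists in the ConfigMap and must be kept, otherwise the nodes stop authenticating.

```yaml
# Added example: aws-auth ConfigMap mapping an EC2 instance role to a
# Kubernetes group, plus an RBAC binding for that group.
# Account ID, role names and the group name are placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    # Existing worker-node entry: keep it, or the nodes lose cluster access.
    - rolearn: arn:aws:iam::111122223333:role/eks-worker-node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    # New entry: the instance profile role attached to the EC2 instance that
    # should run kubectl. Use the role ARN without an IAM path; EKS does not
    # match paths in this field.
    - rolearn: arn:aws:iam::111122223333:role/eks-bastion-role
      username: eks-bastion:{{SessionName}}
      groups:
        - eks-operators
---
# Bind the mapped group to the built-in read-only "view" ClusterRole.
# Swap in "edit" or a custom ClusterRole for more rights instead of
# putting the role straight into system:masters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: eks-operators-view
subjects:
  - kind: Group
    name: eks-operators
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```

The ConfigMap has to be edited by an identity that already has cluster access (the identity that created the cluster is in system:masters by default). Once the entry is in place, running `aws eks update-kubeconfig --name <cluster-name>` on the EC2 instance writes a kubeconfig that obtains a token from the instance profile credentials, so kubectl works from the instance without any long-lived keys; keep the group's permissions to what the instance actually needs, since everything with that instance role then holds them.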

Related

IAM Roles for EC2 when creating EKS Cluster using eksctl

Which IAM role/roles should I assign to an EC2 instance to create an EKS cluster using the eksctl command line tool? Storing AWS CLI credentials in an EC2 instance is not a secure option.

How do I allow a kubernetes cluster to access my ec2 machine?

I want to allow a kubernetes cluster, all the pods running in it, to access my ec2 machine.
This means I have to allow a particular IP or a range of IPs in the security group of my ec2 machine.
But what is that one IP or a range of IPs that I'd have to enter in the security group of EC2 machine?
The pods in kubernetes run on worker nodes, which are nothing but ec2 instances and have their own security group. If you want your ec2 instance which is outside the cluster to accept connections from pods in the kubernetes cluster, you can add an inbound rule on the ec2 instance with the source security group set to the worker nodes' security group.
Why is it that the pods in the kubernetes cluster want to access an ec2 instance outside the cluster? You can also bring the ec2 instance within your kubernetes cluster and, if need be, expose the ec2 instance's process via a kubernetes service.
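The inbound rule described in the answer above, written as an added CloudFormation resource (not code from the question or the answer): the ingress rule is attached to the external instance's security group and references the worker-node security group as its source, so it follows the nodes rather than a list of node IPs that changes whenever the node group scales. Both security group IDs and the port are constructed placeholders.

```yaml
# Added example: allow traffic from EKS worker nodes (and therefore the pods
# on them) to one port on an EC2 instance outside the cluster.
# Security group IDs and the port are placeholders.
Resources:
  AllowFromEksNodes:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      # Security group of the EC2 instance outside the cluster.
      GroupId: sg-0123456789abcdef0
      IpProtocol: tcp
      FromPort: 8080
      ToPort: 8080
      # Security group of the EKS worker nodes; the rule applies to any
      # instance that carries it, so no node IPs need to be listed.
      SourceSecurityGroupId: sg-0fedcba9876543210
      Description: Allow pods on EKS worker nodes to reach the application port
```

Scope the rule to the single port the pods need rather than all traffic; because every pod on the nodes shares the node's security group, the rule admits every workload on the cluster, not only the one that needs the connection.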

How to add a new EC2 instance (from account A) to a ECS cluster (account B) in AWS?

So I have 2 aws accounts:
in one I have the ECS cluster,
in the other one I have a few EC2 instances.
How do I tell those EC2 instances to connect to that ECS cluster?
I was reading here (How to register EC2 Instance to ECS cluster?) that you could launch an instance and edit /etc/ecs/ecs.config, but there is only ECS_CLUSTER={cluster_name} to change; not sure how to reference a cluster from the other account/region.

Is there any alternative to add IAM role to my Running EC2 instance?

How to add an IAM role to a running instance? I know that this is not possible using the console, but is there any alternative?
You can assign an IAM role to your instance using the following workaround:
Create an AMI for your instance;
Terminate your old instance;
Re-deploy it again from the previously created AMI and assign an IAM role during the process.
Assigning an IAM (Identity and Access Management) Role to an Amazon EC2 instance is a way of securely providing rotating credentials to applications running on an EC2 instance. Such roles must be assigned when the instance is first launched.
If the instance you would like to use has already been launched, either:
Launch a new instance ("Launch More Like This") with a Role, or
Create a User in IAM: You will receive an Access Key and Secret Key that can be configured in the instance by using the aws configure command. This is part of the AWS Command-Line Interface (CLI).
See documentation: Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances

How set an amazon ec2 user to have access to a specific instance only?

Can the user to whom I want to give access to a specific instance of my EC2 account use a separate Amazon EC2 account from mine?
