aws-cdk-lib.aws_eks.AwsAuth

class AwsAuth (construct)

LanguageType name
.NETAmazon.CDK.AWS.EKS.AwsAuth
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awseks#AwsAuth
Javasoftware.amazon.awscdk.services.eks.AwsAuth
Pythonaws_cdk.aws_eks.AwsAuth
TypeScript (source)aws-cdk-lib » aws_eks » AwsAuth

Implements IConstruct, IDependable

Manages mapping between IAM users and roles to Kubernetes RBAC configuration.

See also: https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_eks as eks } from 'aws-cdk-lib';

declare const cluster: eks.Cluster;
const awsAuth = new eks.AwsAuth(this, 'MyAwsAuth', {
  cluster: cluster,
});

Initializer

new AwsAuth(scope: Construct, id: string, props: AwsAuthProps)

Parameters

  • scope Construct
  • id string
  • props AwsAuthProps

Construct Props

NameTypeDescription
clusterClusterThe EKS cluster to apply this configuration to.

cluster

Type: Cluster

The EKS cluster to apply this configuration to.

[disable-awslint:ref-via-interface]

Properties

NameTypeDescription
nodeNodeThe tree node.

node

Type: Node

The tree node.

Methods

NameDescription
addAccount(accountId)Additional AWS account to add to the aws-auth configmap.
addMastersRole(role, username?)Adds the specified IAM role to the system:masters RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system.
addRoleMapping(role, mapping)Adds a mapping between an IAM role to a Kubernetes user and groups.
addUserMapping(user, mapping)Adds a mapping between an IAM user to a Kubernetes user and groups.
toString()Returns a string representation of this construct.

addAccount(accountId)

public addAccount(accountId: string): void

Parameters

  • accountId string — account number.

Additional AWS account to add to the aws-auth configmap.


addMastersRole(role, username?)

public addMastersRole(role: IRole, username?: string): void

Parameters

  • role IRole — The IAM role to add.
  • username string — Optional user (defaults to the role ARN).

Adds the specified IAM role to the system:masters RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system.


addRoleMapping(role, mapping)

public addRoleMapping(role: IRole, mapping: AwsAuthMapping): void

Parameters

  • role IRole — The IAM role to map.
  • mapping AwsAuthMapping — Mapping to k8s user name and groups.

Adds a mapping between an IAM role to a Kubernetes user and groups.


addUserMapping(user, mapping)

public addUserMapping(user: IUser, mapping: AwsAuthMapping): void

Parameters

  • user IUser — The IAM user to map.
  • mapping AwsAuthMapping — Mapping to k8s user name and groups.

Adds a mapping between an IAM user to a Kubernetes user and groups.


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.