EKS Access Entry

EKS Access Entry is an AWS resource that defines access permissions for Amazon Elastic Kubernetes Service clusters. It allows you to specify which principals, such as IAM users or roles, can access a cluster and what level of permissions they have. This provides fine-grained control over authentication and authorization, making it easier to manage secure access to Kubernetes resources without manually editing the cluster’s configuration.

aws.eks_access_entry

Fields

TitleIDTypeData TypeDescription
_keycorestring
access_entry_arncorestringThe ARN of the access entry.
account_idcorestring
cluster_namecorestringThe name of your cluster.
created_atcoretimestampThe Unix epoch timestamp at object creation.
kubernetes_groupscorearray<string>A name that you've specified in a Kubernetes RoleBinding or ClusterRoleBinding object so that Kubernetes authorizes the principalARN access to cluster objects.
modified_atcoretimestampThe Unix epoch timestamp for the last modification to the object.
principal_arncorestringThe ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the roleID or userID (you can see this with the Security Token Service GetCallerIdentity API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal's roleID or userID for an access entry, Amazon EKS stores it with the access entry.
tagscorehstore
typecorestringThe type of the access entry.
usernamecorestringThe name of a user that can authenticate to your cluster.