🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com
👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: th-cam.com/play/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l.html&si=wc6LIC5V2tD-Tzwl
This is the best video I have seen on Terraform, well structured without missing a step. Thank you so much for this.
Thank you!
Thank you very much for the video, helped me a lot, I checked many videos related to this content, this one is the purest and best 👍🏻
Thanks!!
Hi Anton, just wanted to say thanks for this video!!!
Thanks Antheus!
Thanks, your tutorial helped a lot in understanding the whole concept of accessing the cluster. Thanks again.
You are welcome!
Thank you very much for sharing this video, very well explained and easy to understand!!
Thank you Hamnlet!
Playlist: th-cam.com/play/PLiMWaCMwGJXkeBzos8QuUxiYT6j8JYGE5.html
⏱️TIMESTAMPS⏱️
0:00 Intro
0:40 Add an IAM user with read only access to EKS cluster
12:50 Add an IAM role with root access and assume this role by IAM user
This is exactly what I was looking for. Thank you very much.
Liked subscribed ✌️
Awesome, thank you!
Awesome explanation. Really helped me to understand RBAC.
Great to hear!
🔴UPDATED🔴: How to Add IAM User and IAM Role to AWS EKS Cluster?- th-cam.com/video/EGdN21F2Jfw/w-d-xo.html
Available on January 3
Thank you for this! Great tutorial.
Thanks Zara!
Anton, you're doing a great job! Keep it up! = )
Thanks, will do!
simple very clear
thanks!
Awesome video, it helped clear a lot of confusion. Thanks for the video.
Thanks Lalit!
@@AntonPutra I found 1 issue related to the STS token: whenever I run terraform init I get this invalid client token. I created a terraform user and added it to the AWS profile but couldn't solve it; later I used sts get token and exported it, then it worked. I followed each step defined in the VPC video. If you can guide us, it will be very helpful.
@@AntonPutra but I really liked all your videos and I refer to your videos whenever I am stuck
Great tutorial! Thank you so much!
You're very welcome!
Thanks for your tutorial. It was very helpful for me.
Thanks for the support:)
Excellent, thank you sir.
Very welcome Alejandro
Thanks for your tutorial. It's a really nice job.
If I may propose to you, maybe create an even more advanced video where you use both the VPC and EKS official Terraform modules. As they are very complex and hard to understand and widely used at the same time, it will be worth it if someone roughly explains them. Also it will be nice to deploy all necessary resources for EKS to work in production, for example: AWS Load Balancer Controller, Autoscaler, Container Insights.
Keep up the great job, regards!
Thank you for the suggestions. I'll definitely cover those components in the future.
By the way, EKS Cluster Auto Scaling - th-cam.com/video/gwmdboC-BtE/w-d-xo.html and horizontal pod autoscaler video will go out on Wednesday.
@@AntonPutra Wow, great, it's so important for the whole setup. Thanks man!
Thanks dude, it's nice and deep
Thank you too!
I liked it, complete content.
Thanks!
Hi buddy, I watched all your videos related to the Terraform EKS session; it was an excellent way of explanation.
Could you please upload a video on Terraform cluster auto scaling (worker node creation and deletion) based on the workload traffic?
Will upload soon, thanks
Please do a video on the requirements below.
1. IAM role for pods to be able to access EFS.
2. IAM role for cluster-auto scaler.
3. IAM role for alb-ingress controller
I have similar videos except 3
1. th-cam.com/video/bu0M2y2g1m8/w-d-xo.html
2. th-cam.com/video/gwmdboC-BtE/w-d-xo.html
3. TODO :)
@@AntonPutra you are awesome, your videos are crisp and clear... Thank you so much
@@bhupathivarma9170 🥰
@@AntonPutra please help with 3 if possible
@@bhupathivarma9170 do you have any specific use case for 3? Can you describe your workload?
thank you
Welcome!
Anton, great video, it helped me a lot. I have one question: can we add a user group to the aws-auth file instead of a single user?
No, instead of a group you can only add an IAM role.
Thanks Anton. It's very useful to me. Quick question... where did you create the Kubernetes group called "reader"?
Not quite sure if I understand your question correctly; the "reader" k8s group is a part of the Kubernetes role-based access control (RBAC) mechanism, created in Kubernetes itself using a YAML definition similar to a deployment object. github.com/antonputra/tutorials/blob/main/lessons/038/k8s/rbac.yaml#L5
Thanks @@AntonPutra for your response. This file has ClusterRole and ClusterRoleBinding. Don't we need to create a group called 'reader' explicitly?
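How the "reader" group discussed in this thread comes into existence, as an added example (not the rbac.yaml from the tutorial repository): Kubernetes has no Group object, so the name exists only as a subject string in a binding and as a group asserted by the aws-auth mapping. The account ID, the IAM user name `developer`, and the rules of the ClusterRole are constructed placeholders.

```yaml
# Added example; not the file from the tutorial repository.
# Constructed placeholders: account 111122223333, IAM user "developer",
# and the rule set of the "reader" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: reader
rules:
  - apiGroups: [""]
    # "pods/log" is a separate subresource; read access to "pods"
    # alone does not allow "kubectl logs".
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: reader
subjects:
  # No Group object is created anywhere: this string is the group.
  - kind: Group
    name: reader
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: reader
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  # Keep the existing node-role entries in mapRoles when editing this
  # ConfigMap; replacing them disconnects worker nodes from the cluster.
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/eks-admin
      username: eks-admin
      groups:
        - system:masters
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/developer
      username: developer
      groups:
        - reader
```

The binding can be checked without switching credentials by running `kubectl auth can-i list pods --as developer --as-group reader` as a cluster admin; the same check for `delete pods` should answer `no`.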
Anton, great video! I have a question for federated users. We authenticate through Okta at my job in which we're attached into 1 of 2 IAM roles. We are staying away from using IAM groups. How can a federated user be attached to the bindings in that case? I can contact you elsewhere if the question needs more details. Thanks again for the video!
Thank you for the question, it's a common use case to use federated users and especially okta. I will try to create a video about this topic soon!
@@AntonPutra that would be amazing. I figured a decent portion of it out but it doesn't seem to like showing me pod/logs. Hopefully your video can straighten out some of the issues I'm having!
Hi... can you continue the playlist with your EKS cluster on Fargate?
Sure
Hi Anton! Great job with this tutorial... keep it up!
Just one thing... I can't find the JSON code for the policies in your GitLab repo.
thanks in advance!
GitHub not GitLab :)
Thank you, I forgot to add it to github, but you can grab it from here - antonputra.com/eks-add-user-vs-role/
@@AntonPutra Hi, the link is no longer available, can I grab the policy JSON from anywhere else?
@@itaihuber Here github.com/antonputra/tutorials/tree/main/lessons/038?
awesome series! watched everything!
Is there any difference with the new update to eks?
Thanks, what do you mean?
@@AntonPutra I believe EKS load balancing has a new update. Think it's called AWS Load Balancer Controller. Furthermore, I see that in some other examples, they don't have to create a service with those annotations like you have. Why is this so?
I have an EKS cluster in us-gov-west-1 but want to pull images from our ECR in us-east-2, what is the best way to achieve this?
There is a tool that can copy AMI and ECR images to GovCloud; I don't remember the exact GitHub URL.
Hey Anton! Thanks for the great video. One doubt I have here is we can see that you have updated the kubeconfig using the eks-admin profile and then we are able to do the stuff. How to verify that an IAM user who is able to assume this role can perform the actions inside the cluster? We are just doing all the operations using the eks-admin role, which already has system:masters permission at the cluster level, and hence we are getting the response as yes. It's a bit confusing. Any insight on this?
Little bit confused by the question, what do you mean by "actions inside the cluster"?
You can verify locally by using different IAM users with and without access to the eks-admin role
@@AntonPutra I figured it out: we need to assume the role and then add the profile containing temporary credentials inside ~/.aws/credentials.
Finally, do aws eks update-kubeconfig using that assumed role profile to verify the access.
Thank you
Hi Anton, thank you for these great videos. May I please ask why you had to create policy (AmazonEKSDeveloperPolicy) and also create the cluster role? It seems to me that it is the same thing or are they different permissions altogether. Thank-you.
An IAM role on its own does not grant any permissions to the subject; it's like a container. You need to create an IAM policy where you would provide access to some resources and attach it to the role, or you can use an AWS managed role with predefined permissions.
@@AntonPutra Thank-you.
Hi, if the task is to Create Secure User in Kubernetes and Map to IAM role, do I have to use map roles or mapuser?
You should "Create Secure User" in k8s and map to aws iam role
@@AntonPutra how can I create a user?
Hi Anton, great tutorial, I have subscribed and liked your videos. Just wondering if you are able to update the video to create the roles and policies in Terraform code instead of manually, ideally one for a manager/admin group and the other for a reader group, to assume the manager and reader role accordingly, maybe adding one or two users to each group for testing purposes. I have tried this, but I don't quite understand how to write this with Terraform.
Thanks for the question, I will create a video soon.
But how can we add users with Terraform code?
Here I have a Terraform version - th-cam.com/video/6COvT1Zu9o0/w-d-xo.html
Thank You, Amazing content! Keep growing
Why didn't you use RBAC for the second option?
how come? maybe built in group?
Is it still done this way?
There is a new EKS API which can be used, here is the updated version - th-cam.com/video/6COvT1Zu9o0/w-d-xo.html
Cannot find the IAM policies JSON file in your GitHub
You can find them here - antonputra.com/eks-add-user-vs-role/
@@AntonPutra Nope. Get a 404
@@AntonPutra page is not available
@@swapniljadhav6049 just updated - antonputra.com/kubernetes/add-iam-user-and-iam-role-to-eks/
Can you please increase the volume?
it's pretty high