How to Grant IAM Access to AWS Cluster?

To grant IAM access to an AWS cluster using Pulumi in TypeScript, we will follow these steps:

1. Introduction: We will start with an introductory paragraph that explains the solution and the key services involved.

2. Step-by-Step Explanation: This section will provide a detailed, step-by-step guide on how to implement the solution.

3. Key Points: We will highlight the key points to remember while implementing the solution.

4. Conclusion: Finally, we will conclude with a summary of what we have achieved.

The key services involved in this solution are AWS IAM (Identity and Access Management) and Amazon EKS (Elastic Kubernetes Service). We will create an IAM role and attach the necessary policies to it, then associate this role with the EKS cluster to grant access.

Search terms:

• AWS IAM role
• Amazon EKS cluster
• Pulumi TypeScript IAM role
• Pulumi TypeScript EKS cluster

Full Code Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an IAM Role
const role = new aws.iam.Role("eksRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: "sts:AssumeRole",
                Principal: {
                    Service: "eks.amazonaws.com",
                },
                Effect: "Allow",
                Sid: ""
            }
        ]
    })
});

// Attach the AmazonEKSClusterPolicy to the role
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("eksRolePolicyAttachment", {
    role: role.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
});

// Create an EKS Cluster
const eksCluster = new aws.eks.Cluster("eksCluster", {
    roleArn: role.arn,
    vpcConfig: {
        subnetIds: ["subnet-0bb1c79de3EXAMPLE"], // Replace with your subnet IDs
    }
});

export const eksClusterName = eksCluster.name;
export const eksClusterArn = eksCluster.arn;
export const iamRoleArn = role.arn;