# AWS EKS Cluster Configuration

Unfortunately, AWS IAM does not support giving a role or user access to EKS clusters from the parent account, so a configuration change has to be made on each cluster. This guide steps you through setting up a ClusterRole with the appropriate access, binding it to a Kubernetes group, and connecting that group to an AWS role for access using AWS IAM.

In this guide we use `eksctl` to apply changes to the `aws-auth` ConfigMap. You can also edit it directly if you don't have `eksctl` installed. See [Enabling IAM user and role access to your cluster](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html) for more information about modifying `aws-auth`.

## 1. Create a read-only cluster role

First we will create a new read-only cluster role and bind it to a group called `hava-ro`, which we will use later.

The YAML manifest below sets up the role and the binding. Download it and apply it to your Kubernetes cluster using kubectl:

`kubectl apply -f <file name>`

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
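  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  name: hava-ro
rules:
  # Read-only verbs on every resource in the core ("") API group.
  # The "*" wildcard includes Secrets and ConfigMaps.
  - apiGroups:
      - ""
    resources: ["*"]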
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources: ["*"]
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
    resources: ["*"]
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources: ["*"]
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: hava-ro
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: hava-ro
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: hava-ro
```

## 2. Update cluster auth configuration

Next we will use `eksctl` to update the `aws-auth` ConfigMap so that the role you use for cross-account access is allowed into the cluster.

Make sure you are logged in as an AWS user that has access to the cluster, then run the following command.

`eksctl create iamidentitymapping --cluster <cluster name> --region=<region name> --arn <cross account role arn> --group hava-ro --username hava-ro`

Replace:

\<cluster name> with the name of the cluster you are updating

\<cross account role arn> with the ARN of the role you provide to Hava to import your data

\<region name> with the name of the AWS region the cluster is in

## 3. Trigger sync on your source

The last thing to do is trigger synchronization for the source in the Hava UI, which imports your Kubernetes information and draws a container diagram for your EKS cluster.
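
To review what the `hava-ro` ClusterRole from step 1 permits before an AWS role is mapped to it, the following Python sketch evaluates its rules the way Kubernetes RBAC matches API group, resource and verb. It is an added example, not part of Hava's documentation or tooling; the probe list and the function names are constructed for illustration.

```python
"""Evaluate the hava-ro ClusterRole rules against sample API requests."""

# Rules transcribed from the ClusterRole manifest in step 1.
HAVA_RO_RULES = [
    {"apiGroups": [group], "resources": ["*"], "verbs": ["get", "list", "watch"]}
    for group in ("", "extensions", "apps", "networking.k8s.io")
]
READ_VERBS = {"get", "list", "watch"}

# Constructed probes (assumption): (apiGroup, resource, verb) worth reviewing.
PROBES = [
    ("", "pods", "list"),
    ("apps", "deployments", "get"),
    ("networking.k8s.io", "ingresses", "watch"),
    ("", "secrets", "get"),          # core-group wildcard includes Secrets
    ("", "pods/log", "get"),         # "*" also covers subresources
    ("apps", "deployments", "delete"),
    ("batch", "cronjobs", "list"),   # batch group is not in the role
    ("rbac.authorization.k8s.io", "clusterroles", "list"),
]

def _matches(granted, value):
    return "*" in granted or value in granted

def resource_matches(granted, resource):
    """RBAC resource match: "*" is everything, "*/sub" is one subresource."""
    if _matches(granted, resource):
        return True
    if "/" in resource:
        return "*/" + resource.split("/", 1)[1] in granted
    return False

def is_allowed(rules, group, resource, verb):
    """True if any rule grants the verb on the resource in the API group."""
    return any(
        _matches(r["apiGroups"], group)
        and resource_matches(r["resources"], resource)
        and _matches(r["verbs"], verb)
        for r in rules
    )

def non_read_verbs(rules):
    """Verbs granted by the role beyond get/list/watch."""
    return sorted({v for r in rules for v in r["verbs"]} - READ_VERBS)

def audit(rules, probes=PROBES):
    return {probe: is_allowed(rules, *probe) for probe in probes}

if __name__ == "__main__":
    print("non-read verbs:", non_read_verbs(HAVA_RO_RULES) or "none")
    for (group, resource, verb), ok in audit(HAVA_RO_RULES).items():
        print("ALLOW" if ok else "deny ", verb, resource, "group=" + (group or "core"))
```

The role grants no mutating verbs, but its wildcard on the core API group makes Secrets and pod logs readable, while groups it does not list (such as `batch` and `rbac.authorization.k8s.io`) stay inaccessible.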

