Amazon Elastic Kubernetes Service (eks)

2023-12-20

9 new actions, 2 new resources, 9 new conditions | 3 updated actions

Additions

    Actions
  • AssociateAccessPolicy
    • Description:  Grants permission to associate an Amazon EKS access policy to an Amazon EKS access entry
    • Access:  Write
    • Resources: 

      Name: access-entry

      Required: Yes

    • Conditions: 

      eks:policyArn

      eks:namespaces

      eks:accessScope
  • CreateAccessEntry
    • Description:  Grants permission to create an Amazon EKS access entry
    • Access:  Write
    • Resources: 

      Name: cluster

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

      eks:principalArn

      eks:kubernetesGroups

      eks:username

      eks:accessEntryType
  • DeleteAccessEntry
    • Description:  Grants permission to delete an Amazon EKS access entry
    • Access:  Write
    • Resources: 

      Name: access-entry

      Required: Yes

  • DescribeAccessEntry
    • Description:  Grants permission to describe an Amazon EKS access entry
    • Access:  Read
    • Resources: 

      Name: access-entry

      Required: Yes

  • DisassociateAccessPolicy
    • Description:  Grants permission to disassociate an Amazon EKS access policy from an Amazon EKS acces entry
    • Access:  Write
    • Resources: 

      Name: access-entry

      Required: Yes

    • Conditions: 

      eks:policyArn

      eks:namespaces

      eks:accessScope
  • ListAccessEntries
    • Description:  Grants permission to list all Amazon EKS access entries
    • Access:  List
    • Resources: 

      Name: cluster

      Required: Yes

  • ListAccessPolicies
    • Description:  Grants permission to list Amazon EKS access policies
    • Access:  List
  • ListAssociatedAccessPolicies
    • Description:  Grants permission to list associated access policy on and Amazon EKS access entry
    • Access:  List
    • Resources: 

      Name: access-entry

      Required: Yes

  • UpdateAccessEntry
    • Description:  Grants permission to update an Amazon EKS access entry
    • Access:  Write
    • Resources: 

      Name: access-entry

      Required: Yes

    Resources
  • access-entry
    • Arn:  arn:${Partition}:eks:${Region}:${Account}:access-entry/${ClusterName}/${IamIdentityType}/${IamIdentityAccountID}/${IamIdentityName}/${UUID}
    • Conditions: 

      aws:ResourceTag/${TagKey}

      eks:accessEntryType

      eks:clusterName

      eks:kubernetesGroups

      eks:principalArn

      eks:username
  • access-policy
    • Arn:  arn:${Partition}:eks::aws:cluster-access-policy/${AccessPolicyName}
    Conditions
  • eks:accessEntryType
    • Description:  Filters access by the access entry type present in the access entry requests the user makes to the EKS service
    • Type:  String
  • eks:accessScope
    • Description:  Filters access by the accessScope present in the associate / disassociate access policy requests the user makes to the EKS service
    • Type:  String
  • eks:bootstrapClusterCreatorAdminPermissions
    • Description:  Filters access by the bootstrapClusterCreatorAdminPermissions present in the create cluster request
    • Type:  String
  • eks:clusterName
    • Description:  Filters access by the clusterName present in the access entry requests the user makes to the EKS service
    • Type:  String
  • eks:kubernetesGroups
    • Description:  Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service
    • Type:  String
  • eks:namespaces
    • Description:  Filters access by the namespaces present in the associate / disassociate access policy requests the user makes to the EKS service
    • Type:  ArrayOfString
  • eks:policyArn
    • Description:  Filters access by the policyArn present in the access entry requests the user makes to the EKS service
    • Type:  String
  • eks:principalArn
    • Description:  Filters access by the principalArn present in the access entry requests requests the user makes to the EKS service
    • Type:  String
  • eks:username
    • Description:  Filters access by the Kubernetes username present in the access entry requests the user makes to the EKS service
    • Type:  String

Updates