Fylamynt Product Docs
  • Welcome to Fylamynt
  • Getting started
    • Onboarding Checklist
    • 1. Setting up your first Cloud Service target account
    • 2. Getting to know workflows
    • 3. Creating your first workflow using AWS Cloud Services
    • 4. Setting up your first Integration
    • 5. Setting up your first resource
    • 6. Creating your first Incident Response workflow
    • 7. Incident Management - Automatic workflow execution
    • 8. Quickstart - Fylamynt sample workflows
  • Integrations
    • Amazon EventBridge
    • Ansible
    • AWS
    • AWS Health
    • Container
    • Datadog
    • Elasticsearch
    • Generic Webhook
    • GitHub
    • Google Kubernetes Engine (GKE)
    • Humio
    • Instana
    • Jenkins
    • Jira
    • New Relic
    • Opsgenie
    • PagerDuty
    • Pulumi
    • Prometheus
    • ServiceNow
    • Slack
    • Splunk
    • Splunk On-Call (VictorOps)
    • Spot by Netapp
    • Squadcast
    • Sumo Logic
    • Teleport
    • Terraform Cloud
    • Terraform CLI
    • Twilio
    • Zoom
  • AWS Services
    • EC2
    • Service Health
  • RESOURCES
    • API Keys
    • CloudFormation Templates
    • CloudWatch Targets
    • EKS Permissions
    • S3 Buckets
    • SSH Targets
  • FEATURED WORKFLOWS
    • Stop or Terminate underutilized AWS resources
    • Rightsizing EC2 instances
    • Incident Response Automation
    • Application Performance Monitoring
  • Announcement
    • What's new?
  • Support
    • Contact Fylamynt
Powered by GitBook
On this page
  • Overview
  • Managing existing Kubernetes cluster with Fylamynt
  • Prerequisites
  • Create Role for EKS Control
  • Add Inline Policy to Target Account
  • Configure the Resource
  • Integration Actions
  • Deploy Cluster

Was this helpful?

  1. RESOURCES

EKS Permissions

EKS actions require some additional IAM configuration to create a cluster and access it.

PreviousCloudWatch TargetsNextS3 Buckets

Last updated 3 years ago

Was this helpful?

Overview

  • EKS clusters need an associated service-linked EKS Role to access other AWS services. If such a role does not already exist in the account, Create EKS Role provides instructions on how to create it.

  • The Target Account requires some privileges beyond PowerUserAccess to use EKS actions. Add Inline Policy to Target Account provides instructions on how to add these privileges. provides more detail on this requirement.

Managing existing Kubernetes cluster with Fylamynt

  • If you want to use an existing Kubernetes (k8s) cluster, you must allow one of your Fylamynt (AWS account configured) to access the k8s cluster. This can be done by associating a (AWS account configured) role ARN with a list of K8s groups (i.e. system:masters, system:basic-user). Please follow the instruction in to complete this process.

Prerequisites

Create Role for EKS Control

  • In the IAM Console, click on `Create role`

  • Note down the Role ARN

Add Inline Policy to Target Account

  • Once PassRole is selected, specify the role resource ARN by clicking on the Resources chevron

Configure the Resource

  • Navigate to Settings > Resource > EKS Permissions.

  • Click Manage EKS Permissions to create an integration instance.

  • Click on Add New

Details needed to provide EKS Permissions to Fylamynt:

Parameter

Description

Required

Account Alias

Target account in which to perform EKS operations

True

Name

Reference name for this instance. This will show up in resource menus for EKS actions

True

Assume Role ARN

The Role ARN from Create Role for EKS Control

True

Integration Actions

Deploy Cluster

The action can be used to create/deploy an EKS Cluster.

The role_arn parameter should match the one from Create Role for EKS Control. The alias should match an alias with the additional inline policy applied.

Select AWS service on the next screen

Pick EKS as the service

Pick EKS - Cluster as the specific use case in the lower half of the page

Click on Next: Tags and add any tags that you want

Add a Role name, save.

Search for the Role name on the next screen and click on it

Find the target account in the IAM console:

Click on Add inline policy

Click on Choose a service, enter IAM in the search box, then select IAM

Click on the Chevron for Write, select PassRole

Click on Add ARN

Enter the full ARN from the Role ARN noted earlier, click on Add.

Click on Review policy

Click on Create policy

Sample EKS Permission:

Deploy Cluster
Using Service-Linked Roles for Amazon EKS - Amazon EKS
Target Accounts
Target Account
Managing users or IAM roles for your cluster - Amazon EKS
Create Role for EKS Control
Add Inline Policy to Target Account