# EKS Permissions ## **Overview** * EKS clusters need an associated *service-linked* **EKS Role** to access other AWS services. If such a role does not already exist in the account, **Create EKS Role** provides instructions on how to create it. * The Target Account requires some privileges beyond PowerUserAccess to use EKS actions. **Add Inline Policy to Target Account** provides instructions on how to add these privileges.[ ![](https://docs.aws.amazon.com/assets/images/favicon.ico)Using Service-Linked Roles for Amazon EKS - Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/using-service-linked-roles.html) provides more detail on this requirement. ### Managing existing Kubernetes cluster with Fylamynt * If you want to use an existing Kubernetes (k8s) cluster, you must allow one of your Fylamynt [Target Accounts](/integrations/aws.md) (AWS account configured) to access the k8s cluster. This can be done by associating a [Target Account](/integrations/aws.md) (AWS account configured) role ARN with a list of K8s groups (i.e. system:masters, system:basic-user). Please follow the instruction in[ ![](https://docs.aws.amazon.com/assets/images/favicon.ico)Managing users or IAM roles for your cluster - Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html) to complete this process. ## **Prerequisites** 1. [Create Role for EKS Control](/resources/eks.md#create-role-for-eks-control) 2. [Add Inline Policy to Target Account](/resources/eks.md#add-inline-policy-to-target-account) ### **Create Role for EKS Control** * In the IAM Console, click on \`Create role\`![](blob:https://fylamynt.atlassian.net/41ed068c-b6c6-4a7e-a5fa-a275b8d2d3bb#media-blob-url=true\&id=fc203638-3696-4434-a74e-2f66bdb95f68\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-16%20at%2010.48.50%20AM.png\&size=115159\&width=707\&height=314) ![](/files/-MaFe-DeehXQlMCdTI3j) * Select AWS service on the next screen![](blob:https://fylamynt.atlassian.net/1b8869f4-4ce5-4ffe-89e9-53d2cc6604e6#media-blob-url=true\&id=e73664b8-475b-4867-9fec-b4fcd1d876ec\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-16%20at%2010.49.27%20AM.png\&size=177713\&width=550\&height=508) ![](/files/-MaFdyWf-jHWo8Fg6fHE) * Pick EKS as the **service**![](blob:https://fylamynt.atlassian.net/b90208dc-7ef5-474a-900b-de66b950368a#media-blob-url=true\&id=36e53713-e7ac-40ed-aa34-997b188a0210\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-16%20at%2010.52.46%20AM.png\&size=203962\&width=550\&height=508) ![](/files/-MaFdwIVmm6g98uWmgmN) * Pick **EKS - Cluster** as the specific use case in the lower half of the page![](blob:https://fylamynt.atlassian.net/8b44b36c-1bf7-4956-90d8-fc88e3640084#media-blob-url=true\&id=3c5f2ecc-cea4-490b-ab83-ee209c58e9f5\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-16%20at%2010.53.47%20AM.png\&size=63038\&width=550\&height=204) ![](/files/-MaFdu9KTh8VeI7nV_n3) * Click on Next: Tags and add any tags that you want![](blob:https://fylamynt.atlassian.net/f396eedf-5232-4219-a19a-c9b4808f826e#media-blob-url=true\&id=1dba4c3b-62f4-4f2f-b723-336b9e8d80d5\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-16%20at%2010.54.29%20AM.png\&size=24693\&width=415\&height=159) ![](/files/-MaFdsA6wenw3EU6Mdf3) * Add a **Role name**, save.![](blob:https://fylamynt.atlassian.net/b4253bc5-55bc-4da5-b3e2-130351a2ee4a#media-blob-url=true\&id=e78f2410-e27d-4758-aff0-a159930d02b7\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-16%20at%2010.55.38%20AM.png\&size=124231\&width=678\&height=414) ![](/files/-MaFdo7DtqIIYmaKbRYt) * Search for the **Role name** on the next screen and click on it![](blob:https://fylamynt.atlassian.net/31c47ae7-f200-4810-8e41-43f376fec25f#media-blob-url=true\&id=d5f42190-537a-47d7-bc0a-d62208a5dca5\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-16%20at%2010.58.39%20AM.png\&size=61948\&width=709\&height=274) ![](/files/-MaFdlOlBVnNkQlJZ2SG) * Note down the **Role ARN** ![](/files/-MaFdgCiWy2RCXF7qmq2) ### **Add Inline Policy to Target Account** * Find the target account in the **IAM** console:![](blob:https://fylamynt.atlassian.net/c08d0b09-190c-4434-b34c-28420cf3ba99#media-blob-url=true\&id=bd0419d8-06a3-4bb0-a8cd-658450ecb9d1\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.03.55%20PM.png\&size=221736\&width=1046\&height=526) ![](/files/-MaFd_hALRSwrPkoMABn) * Click on **Add inline policy**![](blob:https://fylamynt.atlassian.net/0d9d8aa8-dd00-4829-935a-4e679d15123c#media-blob-url=true\&id=a8ffaa1a-3680-41a8-823d-615ce635d0bd\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.04.17%20PM.png\&size=173530\&width=1124\&height=535) ![](/files/-MaFdcNmG7zv3zJkmZvM) * Click on **Choose a service**, enter *IAM* in the search box, then select **IAM**![](blob:https://fylamynt.atlassian.net/d400f417-8c41-406e-99a1-31acb30c0b1f#media-blob-url=true\&id=141635d8-79e0-4535-afa9-89c8090fc2e5\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.04.39%20PM.png\&size=190290\&width=1124\&height=535) ![](/files/-MaFdWpx62XooBrFb6BA) * Click on the Chevron for **Write**, select **PassRole**![](blob:https://fylamynt.atlassian.net/fb209d7f-8cd9-4a69-b2a1-ac91ccbdb593#media-blob-url=true\&id=ff36ef13-e3dc-4221-9924-ef820e9245ca\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.05.10%20PM.png\&size=308505\&width=1124\&height=535) ![](/files/-MaFdUWb5X26ki3rlSdu) * Once **PassRole** is selected, specify the **role** resource ARN by clicking on the **Resources** chevron ![](/files/-MaFdDlfFbnTfX1lA6Xa) * Click on **Add ARN**![](blob:https://fylamynt.atlassian.net/3db7a7a6-644a-4d6e-9082-e364ee9689ad#media-blob-url=true\&id=9df6f2c8-d632-45b7-92cb-13297d9a8704\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.07.15%20PM.png\&size=163247\&width=1124\&height=535) ![](/files/-MaFd9miavcMHGDccAmx) * Enter the full ARN from the **Role ARN** noted earlier, click on **Add.**![](blob:https://fylamynt.atlassian.net/7be03340-9a97-4fcb-9a11-3b12acd3d320#media-blob-url=true\&id=70229985-5411-4c50-bd20-fa33ec8ae848\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.07.44%20PM.png\&size=257937\&width=1124\&height=535) ![](/files/-MaFd7mSBotSyP4QHeNN) * Click on **Review policy**![](blob:https://fylamynt.atlassian.net/401aeaa2-b9e9-469d-ba6e-918200a9a19a#media-blob-url=true\&id=34c031dc-ca5f-4a9b-b906-d0bb26b1923e\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.07.58%20PM.png\&size=182413\&width=1124\&height=535) ![](/files/-MaFd5lmph3ypqwDRw6o) * Click on **Create policy**![](blob:https://fylamynt.atlassian.net/d4f4d024-24fb-4e07-b1da-3b019ad1dd7c#media-blob-url=true\&id=72498181-dee3-4512-ae5f-f924121189dc\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-03-17%20at%2012.08.26%20PM.png\&size=146815\&width=1124\&height=535) ![](/files/-MaFd3YMwddFNPrMx6Mz) ## Configure the Resource * Navigate to **Settings** > **Resource** > **EKS Permissions**. * Click **Manage EKS Permissions** to create an integration instance. * Click on **Add New** Details needed to provide **EKS Permissions** to **Fylamynt**: | **Parameter** | Description | **Required** | | --------------- | ------------------------------------------------------------------------------------- | ------------ | | Account Alias | Target account in which to perform EKS operations | True | | Name | Reference name for this instance. This will show up in resource menus for EKS actions | True | | Assume Role ARN | The **Role ARN** from **Create Role for EKS Control** | True | Sample EKS Permission:![](blob:https://fylamynt.atlassian.net/7049a0d2-1525-49ca-9ddd-4e0db3e7ebbd#media-blob-url=true\&id=e909fd49-9734-415e-b5f1-fa0acef6a289\&collection=contentId-427556952\&contextId=427556952\&mimeType=image%2Fpng\&name=Screen%20Shot%202021-05-21%20at%2010.33.48%20AM.png\&size=49626\&width=1143\&height=194) ![](/files/-MaFcqcqr8VLnWTdYPVg) ## Integration Actions 1. [Deploy Cluster](#deploy-cluster) ### Deploy Cluster The action can be used to create/deploy an EKS Cluster. ![](/files/-MaFcnAoKNFniHPfutjQ) The role\_arn parameter should match the one from **Create Role for EKS Control.** The alias should match an alias with the additional inline policy applied. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fylamynt.com/resources/eks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.