EKS sts assumeRole (IAM group<->Role)

Purpose

eks aws-auth를 user별 등록 대신 role-mapping으로 auth 하려함

AWS

  1. iam->role->create role->EKS->AmazonEKSServiceRolePolicy->create

2. edit permission

iam group 에 생성한 policy 연결

$ aws eks update-kubeconfig --name {eks-name} --region {region} --role-arn arn:aws:iam::XXXX:role/{role-name}
$ kubectl get ns

Reference

https://stackoverflow.com/questions/34922920/how-can-i-allow-a-group-to-assume-a-role