/AWS1/CL_EKSACCESSENTRY

An access entry allows an IAM principal (user or role) to access your cluster. Access entries can replace the need to maintain the aws-auth ConfigMap for authentication. For more information about access entries, see Access entries in the Amazon EKS User Guide.

CONSTRUCTOR

IMPORTING

Optional arguments:

IV_CLUSTERNAME TYPE /AWS1/EKSSTRING

The name of your cluster.

IV_PRINCIPALARN TYPE /AWS1/EKSSTRING

The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the roleID or userID (you can see this with the Security Token Service GetCallerIdentity API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal's roleID or userID for an access entry, Amazon EKS stores it with the access entry.

IT_KUBERNETESGROUPS TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST

A name that you've specified in a Kubernetes RoleBinding or ClusterRoleBinding object so that Kubernetes authorizes the principalARN access to cluster objects.

IV_ACCESSENTRYARN TYPE /AWS1/EKSSTRING

The ARN of the access entry.

IV_CREATEDAT TYPE /AWS1/EKSTIMESTAMP

The Unix epoch timestamp at object creation.

IV_MODIFIEDAT TYPE /AWS1/EKSTIMESTAMP

The Unix epoch timestamp for the last modification to the object.

IT_TAGS TYPE /AWS1/CL_EKSTAGMAP_W=>TT_TAGMAP

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

IV_USERNAME TYPE /AWS1/EKSSTRING

The name of a user that can authenticate to your cluster.

IV_TYPE TYPE /AWS1/EKSSTRING

The type of the access entry.


Queryable Attributes

clusterName

The name of your cluster.

Accessible with the following methods

Method Description
GET_CLUSTERNAME() Getter for CLUSTERNAME, with configurable default
ASK_CLUSTERNAME() Getter for CLUSTERNAME w/ exceptions if field has no value
HAS_CLUSTERNAME() Determine if CLUSTERNAME has a value

principalArn

The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the roleID or userID (you can see this with the Security Token Service GetCallerIdentity API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal's roleID or userID for an access entry, Amazon EKS stores it with the access entry.

Accessible with the following methods

Method Description
GET_PRINCIPALARN() Getter for PRINCIPALARN, with configurable default
ASK_PRINCIPALARN() Getter for PRINCIPALARN w/ exceptions if field has no value
HAS_PRINCIPALARN() Determine if PRINCIPALARN has a value
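
The principalArn behaviour described above (here and under IV_PRINCIPALARN) leaves stale access entries behind when an IAM principal is deleted or recreated. The following audit sketch is an added example, not code from the SDK or from AWS: it takes records using the attribute names on this page plus an assumed inventory of current IAM principals with their creation dates, and flags entries whose principal is gone or was created after the entry. The comparison on createdAt is a heuristic, and all sample values are constructed.

```python
from datetime import datetime, timezone


def audit_access_entries(entries, iam_principals):
    """Classify each access entry as 'ok', 'orphaned' or 'recreated'.

    entries: dicts with the attribute names documented on this page
        (clusterName, principalArn, createdAt as Unix epoch seconds).
    iam_principals: assumed inventory, ARN -> {'createDate': aware datetime},
        covering the principals that exist in IAM right now.
    """
    findings = []
    for entry in entries:
        arn = entry["principalArn"]
        entry_created = datetime.fromtimestamp(entry["createdAt"], tz=timezone.utc)
        principal = iam_principals.get(arn)
        if principal is None:
            # Principal was deleted; the access entry is not removed automatically.
            status = "orphaned"
        elif principal["createDate"] > entry_created:
            # Heuristic: the principal is newer than the entry, so the entry
            # holds the roleID/userID of an earlier principal and won't work.
            status = "recreated"
        else:
            status = "ok"
        findings.append({"clusterName": entry["clusterName"],
                         "principalArn": arn, "status": status})
    return findings


# Constructed sample data (account ID, cluster and role names are placeholders).
ARN = "arn:aws:iam::111122223333:role/"
SAMPLE_ENTRIES = [
    {"clusterName": "demo-cluster", "principalArn": ARN + "ops", "createdAt": 1700000000},
    {"clusterName": "demo-cluster", "principalArn": ARN + "ci", "createdAt": 1700000000},
    {"clusterName": "demo-cluster", "principalArn": ARN + "old-admin", "createdAt": 1700000000},
]
SAMPLE_IAM = {
    ARN + "ops": {"createDate": datetime(2023, 1, 1, tzinfo=timezone.utc)},
    ARN + "ci": {"createDate": datetime(2024, 3, 1, tzinfo=timezone.utc)},
}

if __name__ == "__main__":
    for finding in audit_access_entries(SAMPLE_ENTRIES, SAMPLE_IAM):
        print(finding["status"], finding["principalArn"])
```

Entries reported as orphaned or recreated are candidates for deletion; a recreated principal needs a new access entry.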

kubernetesGroups

A name that you've specified in a Kubernetes RoleBinding or ClusterRoleBinding object so that Kubernetes authorizes the principalARN access to cluster objects.

Accessible with the following methods

Method Description
GET_KUBERNETESGROUPS() Getter for KUBERNETESGROUPS, with configurable default
ASK_KUBERNETESGROUPS() Getter for KUBERNETESGROUPS w/ exceptions if field has no value
HAS_KUBERNETESGROUPS() Determine if KUBERNETESGROUPS has a value

accessEntryArn

The ARN of the access entry.

Accessible with the following methods

Method Description
GET_ACCESSENTRYARN() Getter for ACCESSENTRYARN, with configurable default
ASK_ACCESSENTRYARN() Getter for ACCESSENTRYARN w/ exceptions if field has no value
HAS_ACCESSENTRYARN() Determine if ACCESSENTRYARN has a value

createdAt

The Unix epoch timestamp at object creation.

Accessible with the following methods

Method Description
GET_CREATEDAT() Getter for CREATEDAT, with configurable default
ASK_CREATEDAT() Getter for CREATEDAT w/ exceptions if field has no value
HAS_CREATEDAT() Determine if CREATEDAT has a value

modifiedAt

The Unix epoch timestamp for the last modification to the object.

Accessible with the following methods

Method Description
GET_MODIFIEDAT() Getter for MODIFIEDAT, with configurable default
ASK_MODIFIEDAT() Getter for MODIFIEDAT w/ exceptions if field has no value
HAS_MODIFIEDAT() Determine if MODIFIEDAT has a value

tags

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

Accessible with the following methods

Method Description
GET_TAGS() Getter for TAGS, with configurable default
ASK_TAGS() Getter for TAGS w/ exceptions if field has no value
HAS_TAGS() Determine if TAGS has a value

username

The name of a user that can authenticate to your cluster.

Accessible with the following methods

Method Description
GET_USERNAME() Getter for USERNAME, with configurable default
ASK_USERNAME() Getter for USERNAME w/ exceptions if field has no value
HAS_USERNAME() Determine if USERNAME has a value

type

The type of the access entry.

Accessible with the following methods

Method Description
GET_TYPE() Getter for TYPE, with configurable default
ASK_TYPE() Getter for TYPE w/ exceptions if field has no value
HAS_TYPE() Determine if TYPE has a value