/AWS1/CL_EKSACCESSENTRY
An access entry allows an IAM principal (user or role) to access your cluster. Access entries can replace the need to maintain the aws-auth ConfigMap for authentication. For more information about access entries, see Access entries in the Amazon EKS User Guide.
CONSTRUCTOR
IMPORTING
Optional arguments:
IV_CLUSTERNAME TYPE /AWS1/EKSSTRING
The name of your cluster.
IV_PRINCIPALARN TYPE /AWS1/EKSSTRING
The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the roleID or userID (you can see this with the Security Token Service GetCallerIdentity API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal's roleID or userID for an access entry, Amazon EKS stores it with the access entry.
IT_KUBERNETESGROUPS TYPE /AWS1/CL_EKSSTRINGLIST_W=>TT_STRINGLIST
A name that you've specified in a Kubernetes RoleBinding or ClusterRoleBinding object so that Kubernetes authorizes the principalARN access to cluster objects.
IV_ACCESSENTRYARN TYPE /AWS1/EKSSTRING
The ARN of the access entry.
IV_CREATEDAT TYPE /AWS1/EKSTIMESTAMP
The Unix epoch timestamp at object creation.
IV_MODIFIEDAT TYPE /AWS1/EKSTIMESTAMP
The Unix epoch timestamp for the last modification to the object.
IT_TAGS TYPE /AWS1/CL_EKSTAGMAP_W=>TT_TAGMAP
Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
IV_USERNAME TYPE /AWS1/EKSSTRING
The name of a user that can authenticate to your cluster.
IV_TYPE TYPE /AWS1/EKSSTRING
The type of the access entry.
Queryable Attributes
clusterName
The name of your cluster.
Accessible with the following methods
Method | Description |
---|---|
GET_CLUSTERNAME() | Getter for CLUSTERNAME, with configurable default |
ASK_CLUSTERNAME() | Getter for CLUSTERNAME w/ exceptions if field has no value |
HAS_CLUSTERNAME() | Determine if CLUSTERNAME has a value |
principalArn
The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the roleID or userID (you can see this with the Security Token Service GetCallerIdentity API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal's roleID or userID for an access entry, Amazon EKS stores it with the access entry.
Accessible with the following methods
Method | Description |
---|---|
GET_PRINCIPALARN() | Getter for PRINCIPALARN, with configurable default |
ASK_PRINCIPALARN() | Getter for PRINCIPALARN w/ exceptions if field has no value |
HAS_PRINCIPALARN() | Determine if PRINCIPALARN has a value |
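
The cleanup that the principalArn description recommends can be audited offline. The following is an added example, not part of the SDK or of this reference page: it is written in Python over plain dictionaries rather than ABAP objects, with keys mirroring the clusterName, principalArn and createdAt attributes above. The account ID, principal names and IAM creation times are constructed, and the "recreated" check assumes the principal existed when the access entry was created.

```python
from datetime import datetime, timezone

# Constructed sample: access entries reduced to the attributes this class exposes.
# createdAt is a Unix epoch timestamp, as documented above.
SAMPLE_ENTRIES = [
    {"clusterName": "demo", "createdAt": 1700000000,
     "principalArn": "arn:aws:iam::111122223333:role/ci-deployer"},
    {"clusterName": "demo", "createdAt": 1700000000,
     "principalArn": "arn:aws:iam::111122223333:role/old-admin"},
    {"clusterName": "demo", "createdAt": 1700000000,
     "principalArn": "arn:aws:iam::111122223333:user/alice"},
]

# Constructed sample: principals that exist in IAM today, ARN -> creation time.
SAMPLE_IAM = {
    "arn:aws:iam::111122223333:role/ci-deployer":
        datetime(2023, 1, 10, tzinfo=timezone.utc),
    "arn:aws:iam::111122223333:user/alice":
        datetime(2024, 3, 1, tzinfo=timezone.utc),
}


def audit_access_entries(entries, iam_created):
    """Return (clusterName, principalArn, finding) for entries needing cleanup.

    ORPHANED:  the ARN no longer exists in IAM, so the entry was left behind.
    RECREATED: the principal is newer than the entry (assumed heuristic), so
               the roleID/userID stored by EKS belongs to the deleted
               principal and the entry will not work.
    """
    findings = []
    for entry in entries:
        arn = entry["principalArn"]
        entry_created = datetime.fromtimestamp(entry["createdAt"], tz=timezone.utc)
        principal_created = iam_created.get(arn)
        if principal_created is None:
            findings.append((entry["clusterName"], arn, "ORPHANED"))
        elif principal_created > entry_created:
            findings.append((entry["clusterName"], arn, "RECREATED"))
    return findings


if __name__ == "__main__":
    for cluster, arn, finding in audit_access_entries(SAMPLE_ENTRIES, SAMPLE_IAM):
        print(f"{finding:10} {cluster} {arn}")
```

Both findings call for the same action: delete the access entry, and for a recreated principal create a new entry so that EKS stores the current roleID or userID.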
kubernetesGroups
A name that you've specified in a Kubernetes RoleBinding or ClusterRoleBinding object so that Kubernetes authorizes the principalARN access to cluster objects.
Accessible with the following methods
Method | Description |
---|---|
GET_KUBERNETESGROUPS() | Getter for KUBERNETESGROUPS, with configurable default |
ASK_KUBERNETESGROUPS() | Getter for KUBERNETESGROUPS w/ exceptions if field has no va |
HAS_KUBERNETESGROUPS() | Determine if KUBERNETESGROUPS has a value |
accessEntryArn
The ARN of the access entry.
Accessible with the following methods
Method | Description |
---|---|
GET_ACCESSENTRYARN() | Getter for ACCESSENTRYARN, with configurable default |
ASK_ACCESSENTRYARN() | Getter for ACCESSENTRYARN w/ exceptions if field has no valu |
HAS_ACCESSENTRYARN() | Determine if ACCESSENTRYARN has a value |
createdAt
The Unix epoch timestamp at object creation.
Accessible with the following methods
Method | Description |
---|---|
GET_CREATEDAT() | Getter for CREATEDAT, with configurable default |
ASK_CREATEDAT() | Getter for CREATEDAT w/ exceptions if field has no value |
HAS_CREATEDAT() | Determine if CREATEDAT has a value |
modifiedAt
The Unix epoch timestamp for the last modification to the object.
Accessible with the following methods
Method | Description |
---|---|
GET_MODIFIEDAT() | Getter for MODIFIEDAT, with configurable default |
ASK_MODIFIEDAT() | Getter for MODIFIEDAT w/ exceptions if field has no value |
HAS_MODIFIEDAT() | Determine if MODIFIEDAT has a value |
tags
Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
Accessible with the following methods
Method | Description |
---|---|
GET_TAGS() | Getter for TAGS, with configurable default |
ASK_TAGS() | Getter for TAGS w/ exceptions if field has no value |
HAS_TAGS() | Determine if TAGS has a value |
username
The name of a user that can authenticate to your cluster.
Accessible with the following methods
Method | Description |
---|---|
GET_USERNAME() | Getter for USERNAME, with configurable default |
ASK_USERNAME() | Getter for USERNAME w/ exceptions if field has no value |
HAS_USERNAME() | Determine if USERNAME has a value |
type
The type of the access entry.
Accessible with the following methods
Method | Description |
---|---|
GET_TYPE() | Getter for TYPE, with configurable default |
ASK_TYPE() | Getter for TYPE w/ exceptions if field has no value |
HAS_TYPE() | Determine if TYPE has a value |