This message was deleted.
# general
a
This message was deleted.
c
You need to create IAM user with permissions from to following doc:
After that you need to create Cloud Credentials with the access_key and it's secret_key
And finaly when you import/create the EKS you should specify what cloud credentials to be used
l
thanks I will give it a try and share the status...Thanks for your help
🙌 1
a
@calm-exabyte-238 This link https://rancher-users.slack.com/archives/C3ASABBD1/p1671025623437609?thread_ts=1671020807.088559&cid=C3ASABBD1 has too much permissions i believe. What if someone doesn't want rancher to manage
nodegroup
create / delete. just purely able to import the cluster and use rancher UI to navigate to k8s resources. Not questioning your help just we are in a situation where
we deleting some nodegroups
and rancher creating them automatically which is bad and we don't want for our usecase. we are just importing EKS cluster.
c
Yes i understand. Had the same situation. Just don't give the permissions to create/delete node groups. The minimum permissions that works for me is eks:list/read .... If you just want to use rancher to browse the EKS clusters you can use the snippet below or at least I am using it and it works as expected. Note that i am not in the Rancher team. I am just sharing my experience
{
{
"Sid": "KMSPermisssions",
"Effect": "Allow",
"Action": "kms:ListKeys",
"Resource": "*"
},
{
"Sid": "EKSPermisssions",
"Effect": "Allow",
"Action": [
"eks:UpdateClusterConfig",
"eks:UntagResource",
"eks:TagResource",
"eks:ListUpdates",
"eks:ListTagsForResource",
"eks:ListNodegroups",
"eks:ListFargateProfiles",
"eks:ListClusters",
"eks:DescribeUpdate",
"eks:DescribeNodegroup",
"eks:DescribeFargateProfile",
"eks:DescribeCluster"
],
"Resource": "*"
}
]
}
a
I thought so but thanks a lot @calm-exabyte-238 i will give it a try. Appreciate the help
❤️ 1