aws-iam-authenticator | use AWS IAM credentials to authenticate to a Kubernetes | Identity Management library

I am working on a Terraform project that has an end goal of an EKS cluster with the following properties:

1. Private to the outside internet
2. Accessible via a bastion host
3. Uses worker groups
4. Resources (deployments, cron jobs, etc) configurable via the Terraform Kubernetes module

To accomplish this, I've modified the Terraform EKS example slightly (code at bottom of the question). The problems that I am encountering is that after SSH-ing into the bastion, I cannot ping the cluster and any commands like kubectl get pods timeout after about 60 seconds.

Here are the facts/things I know to be true:

1. I have (for the time being) switched the cluster to a public cluster for testing purposes. Previously when I had cluster_endpoint_public_access set to false the terraform apply command would not even complete as it could not access the /healthz endpoint on the cluster.
2. The Bastion configuration works in the sense that the user data runs successfully and installs kubectl and the kubeconfig file
3. I am able to SSH into the bastion via my static IP (that's the var.company_vpn_ips in the code)
4. It's entirely possible this is fully a networking problem and not an EKS/Terraform problem as my understanding of how the VPC and its security groups fit into this picture is not entirely mature.

Here is the VPC configuration:

Already saw this particular post kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster and followed some guides from AWS but still no success..

I'm creating a CI/CD pipeline. But CodeBuild is apparently not authorized to access the EKS cluster. I went to the specific CodeBuild role and added the following policies:

• AWSCodeCommitFullAccess
• AmazonEC2ContainerRegistryFullAccess
• AmazonS3FullAccess
• CloudWatchLogsFullAccess
• AWSCodeBuildAdminAccess

Also created and added the following policy:

In this document (https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html), tab of linux, AWS shared the s3 bucket to download latest version of aws-iam-authenticator

this link is keep changing when new version is released, but the bucket name amazon-eks is never changed.

I try to create new Kubernetes cluster on Amazon EKS using eksctl script.

I created IAM user with this permissions :

when i try to create it I have this error :

I'm new to Kubernetes and was following some examples for setting contexts. Now I can't seem to get any objects on my server, or I'm talking to the wrong server. I see...

I have tried every solution I could get my 'google' on

I've deployed a test EKS cluster with the appropiate configMap, and users that are SSO'd in can access the clusters via exporting session creds (AWS_ACCESS_KEY_ID, SECRET_ACCESS_KEY_ID, AWS_SESSION_TOKEN etc) and having the aws-iam-authenticator client installed in their terminal. The problem comes in when users attempt to use an aws sso profile stored in ~/.aws/config using the aws-iam-authenticator. The error that's recieved when running any kubectl command is the following:

I'm trying to setup the aws-iam-authenticator container on AWS EKS, but I've been stuck for hours trying to get the daemon started. I'm following the instructions found on the aws-iam-authenticator repo, and I'm using the deploy/example.yml as my reference starting point. I've already modified the roles, clusterID, and another required components but still no luck after applying the deployment.

I just enabled logging for the controller-master so I hope there may be some further details in there. I also came across a post where folks mentioned restarting the controller nodes, but I haven't found a way to do it using EKS yet.

If anyone has quick tips or other places to check, I'd greatly appreciate it :)

How can I get a Kubernetes authentication token from AWS EKS using the AWS Java SDK v2? An authentication token that can then be used to authenticate with Kubernetes using a Kubernetes SDK. In other words I want to get an authentication token from EKS to use for authentication with Kubernetes so that I don't have to create a "kube config".

I actually got a solution working with AWS Java SDK v1 (not v2) looking at the code examples in the following open issue. There is also a Python code example here BUT I'm not having any success with AWS Java SDK v2. My attempt at doing it with AWS Java SDK v2: