AWS EKS (IAM)

aws compute

Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service for running containerized applications in the AWS cloud and on-premises.

Common permissions

eks:ListClusterseks:DescribeClustereks:ListNodegroupseks:DescribeNodegroupeks:ListAddonseks:DescribeAddoneks:ListUpdateseks:TagResource

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eks:ListClusters",
        "eks:DescribeCluster",
        "eks:ListNodegroups",
        "eks:DescribeNodegroup",
        "eks:ListAddons",
        "eks:DescribeAddon",
        "eks:ListUpdates",
        "eks:TagResource"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid eks:* — grants full control including cluster and nodegroup deletion
Avoid eks:CreateAccessEntry unless needed — can grant Kubernetes access to unauthorized users

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/eks/eks.json ↗

API

full doc /v1/iam/eks