access_entries
Creates, updates, deletes or gets an access_entry resource or lists access_entries in a region
Overview
| Name | access_entries |
| Type | Resource |
| Description | An object representing an Amazon EKS AccessEntry. |
| Id | awscc.eks.access_entries |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
cluster_name | string | The cluster that the access entry is created for. |
principal_arn | string | The principal ARN that the access entry is created for. |
username | string | The Kubernetes user that the access entry is associated with. |
tags | array | An array of key-value pairs to apply to this resource. |
access_entry_arn | string | The ARN of the access entry. |
kubernetes_groups | array | The Kubernetes groups that the access entry is associated with. |
access_policies | array | An array of access policies that are associated with the access entry. |
type | string | The node type to associate with the access entry. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
cluster_name | string | The cluster that the access entry is created for. |
principal_arn | string | The principal ARN that the access entry is created for. |
region | string | AWS region. |
For more information, see AWS::EKS::AccessEntry.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | access_entries | INSERT | PrincipalArn, ClusterName, region |
delete_resource | access_entries | DELETE | Identifier, region |
update_resource | access_entries | UPDATE | Identifier, PatchDocument, region |
list_resources | access_entries_list_only | SELECT | region |
get_resource | access_entries | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual access_entry.
SELECT
region,
cluster_name,
principal_arn,
username,
tags,
access_entry_arn,
kubernetes_groups,
access_policies,
type
FROM awscc.eks.access_entries
WHERE
region = 'us-east-1' AND
Identifier = '{{ principal_arn }}|{{ cluster_name }}';
Lists all access_entries in a region.
SELECT
region,
principal_arn,
cluster_name
FROM awscc.eks.access_entries_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new access_entry resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.eks.access_entries (
ClusterName,
PrincipalArn,
region
)
SELECT
'{{ cluster_name }}',
'{{ principal_arn }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.eks.access_entries (
ClusterName,
PrincipalArn,
Username,
Tags,
KubernetesGroups,
AccessPolicies,
Type,
region
)
SELECT
'{{ cluster_name }}',
'{{ principal_arn }}',
'{{ username }}',
'{{ tags }}',
'{{ kubernetes_groups }}',
'{{ access_policies }}',
'{{ type }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: access_entry
props:
- name: cluster_name
value: '{{ cluster_name }}'
- name: principal_arn
value: '{{ principal_arn }}'
- name: username
value: '{{ username }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
- name: kubernetes_groups
value:
- '{{ kubernetes_groups[0] }}'
- name: access_policies
value:
- policy_arn: '{{ policy_arn }}'
access_scope:
type: '{{ type }}'
namespaces:
- '{{ namespaces[0] }}'
- name: type
value: '{{ type }}'
UPDATE example
Use the following StackQL query and manifest file to update a access_entry resource, using stack-deploy.
/*+ update */
UPDATE awscc.eks.access_entries
SET PatchDocument = string('{{ {
"Username": username,
"Tags": tags,
"KubernetesGroups": kubernetes_groups,
"AccessPolicies": access_policies
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ principal_arn }}|{{ cluster_name }}';
DELETE example
/*+ delete */
DELETE FROM awscc.eks.access_entries
WHERE
Identifier = '{{ principal_arn }}|{{ cluster_name }}' AND
region = 'us-east-1';
Permissions
To operate on the access_entries resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
eks:CreateAccessEntry,
eks:DescribeAccessEntry,
eks:AssociateAccessPolicy,
eks:TagResource,
eks:ListAssociatedAccessPolicies
eks:DescribeAccessEntry,
eks:ListAssociatedAccessPolicies
eks:DescribeAccessEntry,
eks:ListAssociatedAccessPolicies,
eks:UpdateAccessEntry,
eks:AssociateAccessPolicy,
eks:DisassociateAccessPolicy,
eks:TagResource,
eks:UntagResource
eks:DeleteAccessEntry,
eks:DescribeAccessEntry
eks:ListAccessEntries