Service: Amazon Elastic Kubernetes Service
Short Name:
eks
ARN Format:
arn:aws:eks:${Region}:${Account}:${ResourceType}/${RelativeId}ARN Regex:
^arn:aws:eks:.+ReadOnlyAccess
…
AWSConfigRoleAction | Access | Reference | Description |
|---|---|---|---|
| eks:ListAccessEntries | Docs | Grants permission to list all Amazon EKS access entries | |
| eks:ListAccessPolicies | Docs | Grants permission to list Amazon EKS access policies | |
| eks:ListAddons | Docs | Grants permission to list the Amazon EKS add-ons in your AWS account (in the specified or default region) for a given cluster | |
| eks:ListAssociatedAccessPolicies | Docs | Grants permission to list associated access policy on and Amazon EKS access entry | |
| eks:ListClusters | Docs | Grants permission to list the Amazon EKS clusters in your AWS account (in the specified or default region) | |
| eks:ListEksAnywhereSubscriptions | Docs | Grants permission to list EKS Anywhere subscriptions | |
| eks:ListFargateProfiles | Docs | Grants permission to list the AWS Fargate profiles in your AWS account (in the specified or default region) associated with a given cluster | |
| eks:ListIdentityProviderConfigs | Docs | Grants permission to list the Idp configs in your AWS account (in the specified or default region) associated with a given cluster | |
| eks:ListInsights | Docs | Grants permission to list all detected insights for a specified cluster | |
| eks:ListNodegroups | Docs | Grants permission to list the Amazon EKS nodegroups in your AWS account (in the specified or default region) attached to given cluster | |
| eks:ListPodIdentityAssociations | Docs | Grants permission to list EKS Pod Identity associations | |
| eks:ListUpdates | Docs | Grants permission to list the updates for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region) | |
| eks:AccessKubernetesApi | Docs | Grants permission to view Kubernetes objects via AWS EKS console | |
| eks:DescribeAccessEntry | Docs | Grants permission to describe an Amazon EKS access entry | |
| eks:DescribeAddon | Docs | Grants permission to retrieve descriptive information about an Amazon EKS add-on | |
| eks:DescribeAddonConfiguration | Docs | Grants permission to list configuration options about an Amazon EKS add-on | |
| eks:DescribeAddonVersions | Docs | Grants permission to retrieve descriptive version information about the add-ons that Amazon EKS Add-ons supports | |
| eks:DescribeCluster | Docs | Grants permission to retrieve descriptive information about an Amazon EKS cluster | |
| eks:DescribeEksAnywhereSubscription | Docs | Grants permission to describe an EKS Anywhere subscription | |
| eks:DescribeFargateProfile | Docs | Grants permission to retrieve descriptive information about an AWS Fargate profile associated with a cluster | |
| eks:DescribeIdentityProviderConfig | Docs | Grants permission to retrieve descriptive information about an Idp config associated with a cluster | |
| eks:DescribeInsight | Docs | Grants permission to retrieve descriptive information of a detected insight for a specified cluster | |
| eks:DescribeNodegroup | Docs | Grants permission to retrieve descriptive information about an Amazon EKS nodegroup | |
| eks:DescribePodIdentityAssociation | Docs | Grants permission to describe an EKS Pod Identity association | |
| eks:DescribeUpdate | Docs | Grants permission to retrieve a given update for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region) | |
| eks:ListTagsForResource | Docs | Grants permission to list tags for the specified resource | |
| eks:TagResource | Docs | Grants permission to tag the specified resource | |
| eks:UntagResource | Docs | Grants permission to untag the specified resource | |
| eks:AssociateAccessPolicy | Docs | Grants permission to associate an Amazon EKS access policy to an Amazon EKS access entry | |
| eks:AssociateEncryptionConfig | Docs | Grants permission to associate encryption configuration to a cluster | |
| eks:AssociateIdentityProviderConfig | Docs | Grants permission to associate an identity provider configuration to a cluster | |
| eks:CreateAccessEntry | Docs | Grants permission to create an Amazon EKS access entry | |
| eks:CreateAddon | Docs | Grants permission to create an Amazon EKS add-on | |
| eks:CreateCluster | Docs | Grants permission to create an Amazon EKS cluster | |
| eks:CreateEksAnywhereSubscription | Docs | Grants permission to create an EKS Anywhere subscription | |
| eks:CreateFargateProfile | Docs | Grants permission to create an AWS Fargate profile | |
| eks:CreateNodegroup | Docs | Grants permission to create an Amazon EKS Nodegroup | |
| eks:CreatePodIdentityAssociation | Docs | Grants permission to create an EKS Pod Identity association | |
| eks:DeleteAccessEntry | Docs | Grants permission to delete an Amazon EKS access entry | |
| eks:DeleteAddon | Docs | Grants permission to delete an Amazon EKS add-on | |
| eks:DeleteCluster | Docs | Grants permission to delete an Amazon EKS cluster | |
| eks:DeleteEksAnywhereSubscription | Docs | Grants permission to describe an EKS Anywhere subscription | |
| eks:DeleteFargateProfile | Docs | Grants permission to delete an AWS Fargate profile | |
| eks:DeleteNodegroup | Docs | Grants permission to delete an Amazon EKS Nodegroup | |
| eks:DeletePodIdentityAssociation | Docs | Grants permission to delete an EKS Pod Identity association | |
| eks:DeregisterCluster | Docs | Grants permission to deregister an External cluster | |
| eks:DisassociateAccessPolicy | Docs | Grants permission to disassociate an Amazon EKS access policy from an Amazon EKS acces entry | |
| eks:DisassociateIdentityProviderConfig | Docs | Grants permission to delete an asssociated Idp config | |
| eks:RegisterCluster | Docs | Grants permission to register an External cluster | |
| eks:UpdateAccessEntry | Docs | Grants permission to update an Amazon EKS access entry | |
| eks:UpdateAddon | Docs | Grants permission to update Amazon EKS add-on configurations, such as the VPC-CNI version | |
| eks:UpdateClusterConfig | Docs | Grants permission to update Amazon EKS cluster configurations (eg: API server endpoint access) | |
| eks:UpdateClusterVersion | Docs | Grants permission to update the Kubernetes version of an Amazon EKS cluster | |
| eks:UpdateEksAnywhereSubscription | Docs | Grants permission to update an EKS Anywhere subscription | |
| eks:UpdateNodegroupConfig | Docs | Grants permission to update Amazon EKS nodegroup configurations (eg: min/max/desired capacity or labels) | |
| eks:UpdateNodegroupVersion | Docs | Grants permission to update the Kubernetes version of an Amazon EKS nodegroup | |
| eks:UpdatePodIdentityAssociation | Docs | Grants permission to update an EKS Pod Identity association |
aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeyseks:accessEntryTypeeks:accessScopeeks:bootstrapClusterCreatorAdminPermissionseks:clientIdeks:clusterNameeks:issuerUrleks:kubernetesGroupseks:namespaceseks:policyArneks:principalArneks:username