2026-02-15 21:18:24 +00:00

---
metaLinks:
  alternates:
    - >-
      https://app.gitbook.com/s/j6QEqM3Sd94bdPsX4HaN/admin/settings/credentials/eks
---
# Add AWS credentials
Before you can add your AWS credentials to Portainer, you will need to configure your IAM account with the necessary access policies and create and retrieve an access key.
## Configuring access to AWS
While you can use an existing IAM user to communicate with Portainer, you may want to create a new user for just this purpose. The minimum IAM policies required for Portainer to provision are as follows:
* `AmazonEC2FullAccess`
* `AWSCloudFormationFullAccess`
In addition, we require two custom policies, which you should create and assign to your IAM user:
### EKSFullAccess
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": "*"
        },
        {
            "Action": [
                "ssm:GetParameter",
                "ssm:GetParameters"
            ],
            "Resource": [
                "arn:aws:ssm:*:<account_id>:parameter/aws/*",
                "arn:aws:ssm:*::parameter/aws/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "kms:CreateGrant",
                "kms:DescribeKey"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "logs:PutRetentionPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
```
### IAMLimitedAccess
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:GetInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:GetRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy",
                "iam:ListInstanceProfiles",
                "iam:AddRoleToInstanceProfile",
                "iam:ListInstanceProfilesForRole",
                "iam:PassRole",
                "iam:DetachRolePolicy",
                "iam:DeleteRolePolicy",
                "iam:GetRolePolicy",
                "iam:GetOpenIDConnectProvider",
                "iam:CreateOpenIDConnectProvider",
                "iam:DeleteOpenIDConnectProvider",
                "iam:TagOpenIDConnectProvider",
                "iam:ListAttachedRolePolicies",
                "iam:TagRole",
                "iam:GetPolicy",
                "iam:CreatePolicy",
                "iam:DeletePolicy",
                "iam:ListPolicyVersions"
            ],
            "Resource": [
                "arn:aws:iam::<account_id>:instance-profile/eksctl-*",
                "arn:aws:iam::<account_id>:role/eksctl-*",
                "arn:aws:iam::<account_id>:policy/eksctl-*",
                "arn:aws:iam::<account_id>:oidc-provider/*",
                "arn:aws:iam::<account_id>:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup",
                "arn:aws:iam::<account_id>:role/eksctl-managed-*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetRole"
            ],
            "Resource": [
                "arn:aws:iam::<account_id>:role/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "eks.amazonaws.com",
                        "eks-nodegroup.amazonaws.com",
                        "eks-fargate.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
```
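The following check is an added example, not part of Portainer's documentation: it fills the `<account_id>` placeholder used in the policies above and lists the `Allow` statements that apply to every resource with no condition, so you can see what you are granting before creating the policies. The function names and the account ID `123456789012` are assumptions made for illustration, and the embedded template is a trimmed excerpt of the two policies.

```python
import json
import re

# Constructed excerpt: four statements taken from the two custom policies above.
TEMPLATE = """
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "eks:*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["ssm:GetParameter", "ssm:GetParameters"],
   "Resource": ["arn:aws:ssm:*:<account_id>:parameter/aws/*",
                "arn:aws:ssm:*::parameter/aws/*"]},
  {"Effect": "Allow", "Action": ["iam:CreateRole", "iam:PassRole"],
   "Resource": ["arn:aws:iam::<account_id>:role/eksctl-*"]},
  {"Effect": "Allow", "Action": ["iam:CreateServiceLinkedRole"], "Resource": "*",
   "Condition": {"StringEquals": {"iam:AWSServiceName": ["eks.amazonaws.com"]}}}
]}
"""

def as_list(value):
    """IAM allows a bare string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def render_policy(template, account_id):
    """Fill <account_id> and parse; refuse malformed IDs and leftover placeholders."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("an AWS account ID is exactly 12 digits")
    text = template.replace("<account_id>", account_id)
    leftover = re.search(r"<[^>\s]+>", text)
    if leftover:
        raise ValueError(f"unfilled placeholder: {leftover.group(0)}")
    return json.loads(text)

def unscoped_allows(policy):
    """Return (statement index, actions) for Allow statements on "*" with no Condition."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((index, as_list(stmt["Action"])))
    return findings

if __name__ == "__main__":
    policy = render_policy(TEMPLATE, "123456789012")  # constructed sample account ID
    for index, actions in unscoped_allows(policy):
        print(f"Statement {index}: {', '.join(actions)} allowed on every resource")
```

Run against the full policies, the same check also reports the `kms:CreateGrant`/`kms:DescribeKey` and `logs:PutRetentionPolicy` statements, which use `"Resource": "*"` without a condition.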
Once you have your IAM user set up, log in to the AWS portal as that user, open the menu under the user's name in the top right, and select **Security Credentials**. Expand the **Access keys** section and click **Create New Access Key**.
Copy the **Access key ID** and the **Secret access key** that are generated.
## Adding your credentials
To add credentials for an AWS account, from the [Shared credentials](./) page click **Add credentials**, then select the **Amazon Web Services (AWS)** option. Enter a **name** for your credentials, then paste your **access key ID** and **secret access key** from AWS into the fields.
<figure><img src="../../../.gitbook/assets/Screenshot 2025-09-16 at 11.26.12AM.png" alt=""><figcaption></figcaption></figure>
When you're ready, click **Add credentials**. Your credentials will now be available to you when [provisioning a Kubernetes cluster on AWS](../../environments/add/kaas/eks.md).