Skip to content

camptocamp/aws-iam-authenticator-proxy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

aws-iam-authenticator HTTP Proxy

Docker Pulls Go Report Card By Camptocamp

Amazon Services require valid accounts to be used. This proxy allows external users to access an AWS EKS cluster without requiring access to AWS credentials.

Disclaimer: the proxy does not implement any form of authentication. You are responsible for implementing whatever security measure you wish to enforce in front of it.

Example usage

In order to give access to an AWS EKS cluster without distribution credentials, you can start the proxy with the necessary credentials as well as the cluster ID. For example, using Docker:

$ docker run --rm -p 8080:8080 \
             -e AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY_ID> \
             -e AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY> \
             -e EKS_CLUSTER_ID=<EKS_CLUSTER_ID> \
             -e PSK="mysecretstring" \
    camptocamp/aws-iam-authenticator-proxy:latest

You should then be able to retrieve authentication tokens for your user at http://localhost:8080.

If a PSK is passed, you will need to pass its value in the URL as http://localhost:8080?psk=mysecretstring.

You can set up your ~/.kube/config to use the exec authentication mechanism using curl:

users:
- name: <cluster_name>
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: curl
      args:
        - -s
        - "http://<your_ip>:8080/"