Why can't I connect to my Amazon EKS cluster?

Last updated: 2022-11-08

I created an Amazon Elastic Kubernetes Service (Amazon EKS) cluster, but I can't connect to my cluster.

Short description

After you create your Amazon EKS cluster, you must configure your kubeconfig file with the AWS Command Line Interface (AWS CLI). This configuration allows you to connect to your cluster using the kubectl command line.

The following resolution shows you how to create a kubeconfig file for your cluster with the AWS CLI update-kubeconfig command. To manually update your kubeconfig file without using the AWS CLI, see Creating or updating a kubeconfig file for an Amazon EKS cluster.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent AWS CLI version.

Resolution

1.FSPVerify that AWS CLI version 1.16.308 or greater is installed on your system:

$ aws --version

Important: You must have Python version 2.7.9 or greater installed on your system. Otherwise, you receive an error.

Tip: Use package managers such as yum, apt-get, or homebrew for macOS to install the AWS CLI.

2.FSPCheck the current identity to verify that you're using the correct credentials that have permissions for the Amazon EKS cluster:

aws sts get-caller-identity

Note: The AWS Identity and Access Management (IAM) entity user or role that creates an Amazon cluster is automatically granted permissions when the cluster is created. These permissions are granted in the cluster's RBAC configuration in the control plane. IAM users or roles can also be granted access to an Amazon EKS cluster in aws-auth ConfigMap. By default, the AWS IAM Authenticator for Kubernetes uses the configured AWS CLI or AWS SDK identity. For more information, see Enabling IAM user and role access to your cluster.

3.FSPCreate or update the kubeconfig file for your cluster:

aws eks --region region update-kubeconfig --name cluster_name

Note: Replace region with your AWS Region. Replace cluster_name with your cluster name.

By default, the configuration file is created at the kubeconfig path ($HOME/.kube/config) in your home directory or merged with an existing kubeconfig at that location. For Windows, the file is at %USERPROFILE%\.kube\config.

You can also specify another path by setting the KUBECONFIG (from the Kubernetes website) environment variable, or with the following --kubeconfig option:

$ kubectl get pods --kubeconfig ./.kube/config

Note: For authentication when you run kubectl commands, you can specify an IAM role Amazon Resource Name (ARN) with the --role-arn option. Otherwise, the IAM entity in your default AWS CLI or AWS SDK credential chain is used. For more information, see update-kubeconfig or complete step 6 in the "Create kubeconfig manually" section of Creating or updating a kubeconfig file for an Amazon EKS cluster.

4.FSPTest your configuration:

$ kubectl get svc

Example output:

NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
svc/kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   1m

Note: If you receive other authorization or resource type errors, see Unauthorized or access denied (kubectl).