Access EKS cluster in local when you’re not the cluster creator

If you are trying to access the EKS cluster when you are not the creator then you might face the following issue-

kubectl get ns
E0707 14:14:15.137550   17555 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0707 14:14:15.512278   17555 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0707 14:14:15.895814   17555 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0707 14:14:16.268563   17555 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0707 14:14:16.630633   17555 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)

To fix this issue what you have to do is-

First use the token for the user who have created the cluster for you as set in the env variable as

export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
export AWS_SESSION_TOKEN=

you can map your IAM entity manually by editing the aws-auth ConfigMap:

kubectl edit configmap aws-auth --namespace kube-system

To add an IAM user, add the IAM user ARN to mapUsers.

mapUsers: |
  - userarn: arn:aws:iam::XXXXXXXXXXXX:user/testuser
    username: testuser
    groups:
      - system:masters

Mine update config map is as following

apiVersion: v1
data:
   mapUsers: |
    - userarn: arn:aws:iam::XXXXXXXXXXXX:user/myuser
      username: myuser
      groups:
       - system:masters
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: arn:aws:iam::xxxxxxxxxx:role/AmazonEKSNodeRole
      username: system:node:{{EC2PrivateDNSName}}
kind: ConfigMap