saml2aws as credential plugin for eks cluster

[d-kononov]

Ability to use saml2aws binary file as credential plugin for EKS cluster

[sledigabel]

Have you thought of using the aws-iam-authenticator and use the aws cli with credential process to auth seemlessly?

- name: myCluster
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - eks
      - get-token
      - --cluster-name
      - mycluster
      - --profile
      - mycluster
      - --region
      - us-east-1
      command: aws
      env: null

[d-kononov]

@sledigabel it should work if you store users in the AWS and provide aws keys to each of the users.

But it will not work if you use keycloak (as an example) as identity provider.

This feature allow you to use idp to create aws session and allow user to connect to the eks cluster.

[sledigabel]

@d-kononov we use ADFS as IdP, backed by Azure. We do not use AWS IAM Users at all. You get a role in the end which you can use to auth in EKS with RoleBinding.

[mapkon]

@d-kononov Are you still interested in this? If yes, please fix conflicts so we can merge.