Setting up an AWS account

Suggest edits

To install a Hybrid Manager cluster, you need an AWS account with privileges to create the necessary resources.

Required permissions

To create an EKS cluster, you need an AWS account with the following permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eks:*",
                "sts:AssumeRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:PutRolePolicy",
                "iam:PassRole",
                "iam:ListPolicies",
                "iam:ListRolePolicies",
                "iam:ListAttachedRolePolicies",
                "iam:ListRoleTags",
                "iam:TagRole",
                "iam:GenerateServiceLastAccessedDetails",
                "iam:ListInstanceProfilesForRole",
                "iam:ListOpenIDConnectProviders",
                "iam:GetOpenIDConnectProvider",
                "iam:CreateOpenIDConnectProvider",
                "iam:TagOpenIDConnectProvider",
                "iam:GetServiceLastAccessedDetails",
                "iam:AttachRolePolicy",
                "ec2:TerminateInstances",
                "iam:deleteOpenIDConnectProvider",
                "iam:detachRolePolicy",
                "iam:DeleteRolePolicy"
            ],
            "Resource": "*"
        }
    ]
}

We recommend that you create a role with the above permissions and add it to your existing permissions by attaching it to your user. We also recommend that you review these permissions with your security team to ensure they're appropriate for your use case.

Create an AWS account

If you don't already have an AWS account, you can create one on the AWS website. Select Create an AWS Account and follow the instructions.

Create an IAM user

  1. Log in to the AWS Management Console.

  2. Navigate to the IAM service by searching for IAM in the search bar.

  3. In the IAM dashboard, in the left menu, select Users, then select Add user.

  4. Enter a username for the new user and select the Programmatic access check box.

  5. Select Next: Permissions.

  6. Attach a policy. In the Set permissions step, select Attach existing policies directly and search for the AdministratorAccess policy. Select the policy and select Next: Tags.

  7. If you want, add tags to the user and select Next: Review.

  8. Review the user details. To create the IAM user, select Create user.

Note

Record the access key ID and secret access key. You will need them to configure the AWS CLI.

Configure the AWS CLI

To configure the AWS CLI, you first need the AWS CLI installed on your local machine. (You perform this step as part of the Install system prerequisite).

To configure the CLI, run:

aws configure

Next steps

After you configure the AWS CLI, you can create an EKS cluster.

← Prev

Install system

↑ Up

EKS installation prerequisites

Next →

Creating an EKS cluster

Could this page be better? Report a problem or suggest an addition!