EKS kubectl error: You must be logged in to the server (Unauthorized)

error: You must be logged in to the server (Unauthorized)

This error happened on running kubectl commands to connect to the Amazon Elastic Kubernetes Service. The error itself showing that it should be the problem with the athorization.

When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster will be added to the Kubernetes RBAC authorization table as the administrator. So only that particular IAM user can make calls to the Kubernetes API server using kubectl.

In-order to add access to other aws users or role, we need to edit the ConfigMap to add an IAM user or role to an Amazon EKS cluster. Please note that this should be done using the credentials of IAM user which used to create the EKS cluster.

#kubectl edit configmap aws-auth -n kube-system

Then add the required user to ConfigMap.

mapUsers: |
    - userarn: ARN
      username: NAME
      groups:
        - system:masters

Where ARN need to be replaced with the ARN of the user and NAME with the name of the required user.

If we need to add a role to ConfigMap.

mapRoles: |
    - rolearn: ARN
      username: NAME
      groups:
        - system:masters

Where ARN need to be replaced with the ARN of the role and NAME with the name of the required role.

Now the newly added user can run the kubectl commands against EKS cluster.

That's all…