https://pulumi.com logo
#general
Title
# general
f

fierce-dinner-20116

06/12/2019, 9:01 PM
I have some questions about https://blog.pulumi.com/simplify-kubernetes-rbac-in-amazon-eks-with-open-source-pulumi-packages (although these might be more AWS questions than Pulumi-specific ones). 1) Is there something special about the number in the
Principal
snippet? Or will any number do?
Copy code
"Principal": {
                  "AWS": "arn:aws:iam::153052954103:root"
                },
2) Is it possible to map the cluster admin role to an AWS IAM Group instead of just an IAM role?
g

gentle-diamond-70147

06/12/2019, 9:23 PM
1) The number is your AWS account number. 2) I'm not 100% sure, but I believe no, that's not possible and is an AWS restriction.
n

narrow-area-11460

06/12/2019, 9:26 PM
1) Principal element is used to specify the IAM user, federated user, IAM role, AWS account, AWS service, or other principal entity that is allowed or denied access to an AWS resource. 2) Should be possible but I am testing this to be certain iam-authenticator has the improvements that were WIP when I left AWS.