I have some questions about https://blog.pulumi.com/simplify-kubernetes-rbac-in-amazon-eks-with-open-source-pulumi-packages (although these might be more AWS questions than Pulumi-specific ones). 1) Is there something special about the number in the

Principal

snippet? Or will any number do?

"Principal": {
                  "AWS": "arn:aws:iam::153052954103:root"
                },

2) Is it possible to map the cluster admin role to an AWS IAM Group instead of just an IAM role?

1) The number is your AWS account number. 2) I'm not 100% sure, but I believe no, that's not possible and is an AWS restriction.

1) Principal element is used to specify the IAM user, federated user, IAM role, AWS account, AWS service, or other principal entity that is allowed or denied access to an AWS resource. 2) Should be possible but I am testing this to be certain iam-authenticator has the improvements that were WIP when I left AWS.