No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hey guys :slightly_smiling_face:

What is the best practice for the identity of an EKS cluster creator?

Should it be the CI role that we use to deploy our infrastructure?

Should it be a dedicated role created only for the purpose of creation of the cluster? And then the CI does everything else in terms of deployment of AWS resources as well as k8s resources.

Perhaps it should not be the CI role that is the creator as it will be part of system:masters. And for reasons I don’t fully understand, we don’t want to just add users to that if they need admin control. Rather they should be made separate `clusterAdmins`. So then perhaps it should be a dedicated role that doesn’t get used for anything else to create the cluster.