EKS / Client / associate_access_policy

associate_access_policy#

EKS.Client.associate_access_policy(**kwargs)#

Associates an access policy and its scope to an access entry. For more information about associating access policies, see Associating and disassociating access policies to and from access entries in the Amazon EKS User Guide.

See also: AWS API Documentation

Request Syntax

response = client.associate_access_policy(
    clusterName='string',
    principalArn='string',
    policyArn='string',
    accessScope={
        'type': 'cluster'|'namespace',
        'namespaces': [
            'string',
        ]
    }
)
Parameters:

  • clusterName (string) –

    [REQUIRED]

    The name of your cluster.

  • principalArn (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of the IAM user or role for the AccessEntry that you’re associating the access policy to.

  • policyArn (string) –

    [REQUIRED]

    The ARN of the AccessPolicy that you’re associating. For a list of ARNs, use ListAccessPolicies.

  • accessScope (dict) –

    [REQUIRED]

    The scope for the AccessPolicy. You can scope access policies to an entire cluster or to specific Kubernetes namespaces.

    • type (string) –

      The scope type of an access policy.

    • namespaces (list) –

      A Kubernetes namespace that an access policy is scoped to. A value is required if you specified namespace for Type.

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'clusterName': 'string',
    'principalArn': 'string',
    'associatedAccessPolicy': {
        'policyArn': 'string',
        'accessScope': {
            'type': 'cluster'|'namespace',
            'namespaces': [
                'string',
            ]
        },
        'associatedAt': datetime(2015, 1, 1),
        'modifiedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) –

    • clusterName (string) –

      The name of your cluster.

    • principalArn (string) –

      The ARN of the IAM principal for the AccessEntry.

    • associatedAccessPolicy (dict) –

      The AccessPolicy and scope associated to the AccessEntry.

      • policyArn (string) –

        The ARN of the AccessPolicy.

      • accessScope (dict) –

        The scope of the access policy.

        • type (string) –

          The scope type of an access policy.

        • namespaces (list) –

          A Kubernetes namespace that an access policy is scoped to. A value is required if you specified namespace for Type.

          • (string) –

      • associatedAt (datetime) –

        The date and time the AccessPolicy was associated with an AccessEntry.

      • modifiedAt (datetime) –

        The Unix epoch timestamp for the last modification to the object.

Exceptions

  • EKS.Client.exceptions.ServerException

  • EKS.Client.exceptions.ResourceNotFoundException

  • EKS.Client.exceptions.InvalidRequestException

  • EKS.Client.exceptions.InvalidParameterException