EKS / Client / associate_access_policy
associate_access_policy#
- EKS.Client.associate_access_policy(**kwargs)#
Associates an access policy and its scope to an access entry. For more information about associating access policies, see Associating and disassociating access policies to and from access entries in the Amazon EKS User Guide.
See also: AWS API Documentation
Request Syntax
response = client.associate_access_policy( clusterName='string', principalArn='string', policyArn='string', accessScope={ 'type': 'cluster'|'namespace', 'namespaces': [ 'string', ] } )
- Parameters:
clusterName (string) –
[REQUIRED]
The name of your cluster.
principalArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the IAM user or role for the
AccessEntry
that you’re associating the access policy to.policyArn (string) –
[REQUIRED]
The ARN of the
AccessPolicy
that you’re associating. For a list of ARNs, useListAccessPolicies
.accessScope (dict) –
[REQUIRED]
The scope for the
AccessPolicy
. You can scope access policies to an entire cluster or to specific Kubernetes namespaces.type (string) –
The scope type of an access policy.
namespaces (list) –
A Kubernetes
namespace
that an access policy is scoped to. A value is required if you specifiednamespace
forType
.(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'clusterName': 'string', 'principalArn': 'string', 'associatedAccessPolicy': { 'policyArn': 'string', 'accessScope': { 'type': 'cluster'|'namespace', 'namespaces': [ 'string', ] }, 'associatedAt': datetime(2015, 1, 1), 'modifiedAt': datetime(2015, 1, 1) } }
Response Structure
(dict) –
clusterName (string) –
The name of your cluster.
principalArn (string) –
The ARN of the IAM principal for the
AccessEntry
.associatedAccessPolicy (dict) –
The
AccessPolicy
and scope associated to theAccessEntry
.policyArn (string) –
The ARN of the
AccessPolicy
.accessScope (dict) –
The scope of the access policy.
type (string) –
The scope type of an access policy.
namespaces (list) –
A Kubernetes
namespace
that an access policy is scoped to. A value is required if you specifiednamespace
forType
.(string) –
associatedAt (datetime) –
The date and time the
AccessPolicy
was associated with anAccessEntry
.modifiedAt (datetime) –
The Unix epoch timestamp for the last modification to the object.
Exceptions