update_access_entry
- EKS.Client.update_access_entry(**kwargs)
Updates an access entry.
See also: AWS API Documentation
Request Syntax
response = client.update_access_entry(
    clusterName='string',
    principalArn='string',
    kubernetesGroups=[
        'string',
    ],
    clientRequestToken='string',
    username='string'
)
- Parameters:
clusterName (string) –
[REQUIRED]
The name of your cluster.
principalArn (string) –
[REQUIRED]
The ARN of the IAM principal for the AccessEntry.
kubernetesGroups (list) –
The value for name that you’ve specified for kind: Group as a subject in a Kubernetes RoleBinding or ClusterRoleBinding object. Amazon EKS doesn’t confirm that the value for name exists in any bindings on your cluster. You can specify one or more names.
Kubernetes authorizes the principalArn of the access entry to access any cluster objects that you’ve specified in a Kubernetes Role or ClusterRole object that is also specified in a binding’s roleRef. For more information about creating Kubernetes RoleBinding, ClusterRoleBinding, Role, or ClusterRole objects, see Using RBAC Authorization in the Kubernetes documentation.
If you want Amazon EKS to authorize the principalArn (instead of, or in addition to Kubernetes authorizing the principalArn), you can associate one or more access policies to the access entry using AssociateAccessPolicy. If you associate any access policies, the principalARN has all permissions assigned in the associated access policies and all permissions in any Kubernetes Role or ClusterRole objects that the group names are bound to.
(string) –
clientRequestToken (string) –
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
This field is autopopulated if not provided.
username (string) – The username to authenticate to Kubernetes with. We recommend not specifying a username and letting Amazon EKS specify it for you. For more information about the value Amazon EKS specifies for you, or constraints before specifying your own username, see Creating access entries in the Amazon EKS User Guide.
- Return type:
dict
- Returns:
Response Syntax
{
    'accessEntry': {
        'clusterName': 'string',
        'principalArn': 'string',
        'kubernetesGroups': [
            'string',
        ],
        'accessEntryArn': 'string',
        'createdAt': datetime(2015, 1, 1),
        'modifiedAt': datetime(2015, 1, 1),
        'tags': {
            'string': 'string'
        },
        'username': 'string',
        'type': 'string'
    }
}
Response Structure
(dict) –
accessEntry (dict) –
The ARN of the IAM principal for the AccessEntry.
clusterName (string) –
The name of your cluster.
principalArn (string) –
The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn’t automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don’t delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won’t work. This is because even though the ARN is the same for the recreated IAM principal, the roleID or userID (you can see this with the Security Token Service GetCallerIdentity API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don’t see the IAM principal’s roleID or userID for an access entry, Amazon EKS stores it with the access entry.
kubernetesGroups (list) –
A name that you’ve specified in a Kubernetes RoleBinding or ClusterRoleBinding object so that Kubernetes authorizes the principalARN access to cluster objects.
(string) –
accessEntryArn (string) –
The ARN of the access entry.
createdAt (datetime) –
The Unix epoch timestamp at object creation.
modifiedAt (datetime) –
The Unix epoch timestamp for the last modification to the object.
tags (dict) –
Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don’t propagate to any other cluster or Amazon Web Services resources.
(string) –
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
(string) –
The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).
username (string) –
The name of a user that can authenticate to your cluster.
type (string) –
The type of the access entry.
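Because Amazon EKS doesn’t confirm that a kubernetesGroups value exists in any binding, a caller can resolve the names against the cluster's bindings before updating the entry. The following is an added example, not part of the boto3 documentation: the helper names, the sample bindings and the group names are constructed, and eks is assumed to be a boto3 EKS client.

```python
"""Added example: preview what kubernetesGroups would grant before update_access_entry."""

# Constructed sample, shaped like `kubectl get rolebindings,clusterrolebindings -A -o json` items.
SAMPLE_BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "ops-readers"}]},
    {"kind": "RoleBinding", "metadata": {"name": "pay-edit", "namespace": "payments"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "Group", "name": "payments-devs"},
                  {"kind": "User", "name": "ops-typo"}]},  # a User subject is not a Group
    {"kind": "ClusterRoleBinding", "metadata": {"name": "empty"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},  # subjects may be absent
]


def granted_roles(groups, bindings):
    """Map each group name to the roleRefs it reaches through kind: Group subjects."""
    grants = {g: [] for g in groups}
    for b in bindings:
        # A RoleBinding applies in its namespace; a ClusterRoleBinding applies cluster-wide.
        scope = b["metadata"].get("namespace", "*") if b["kind"] == "RoleBinding" else "*"
        ref = f'{b["roleRef"]["kind"]}/{b["roleRef"]["name"]}@{scope}'
        for s in b.get("subjects") or []:
            if s.get("kind") == "Group" and s.get("name") in grants:
                grants[s["name"]].append(ref)
    return {g: sorted(set(refs)) for g, refs in grants.items()}


def update_groups_checked(eks, cluster, principal_arn, groups, bindings):
    """Call update_access_entry only if every group is a bound Group subject."""
    grants = granted_roles(groups, bindings)
    unbound = sorted(g for g, refs in grants.items() if not refs)
    if unbound:
        # EKS would accept these names without confirming they exist in any binding.
        raise ValueError(f"groups not bound in any RoleBinding/ClusterRoleBinding: {unbound}")
    # username is left unset so Amazon EKS specifies it, as the parameter notes recommend.
    resp = eks.update_access_entry(clusterName=cluster, principalArn=principal_arn,
                                   kubernetesGroups=list(groups))
    return resp["accessEntry"], grants


if __name__ == "__main__":
    # Offline preview only; "ops-typo" resolves to no roleRef and would be rejected.
    print(granted_roles(["ops-readers", "payments-devs", "ops-typo"], SAMPLE_BINDINGS))
```

The returned grants map is worth logging next to the change, since it records which Role or ClusterRole objects the principal reaches through each group at the time of the update.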
Exceptions