How to enable access from on-premise kubernetes to AWS?

9/7/2020

I'm new to on-premise Kubernetes clusters and am having a hard time accessing AWS services such as ECR (all my images are in ECR). Is there a way to authenticate and authorize an on-premise Kubernetes cluster to AWS?

-- Piljae Chae
amazon-web-services
kubernetes

1 Answer

9/7/2020

What you need is to set up the proper IAM policy permissions to access your ECR registry.

The Amazon EKS worker node IAM role (NodeInstanceRole) that you use with your worker nodes must possess the following IAM policy permissions for Amazon ECR.

Here's an example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:BatchCheckLayerAvailability",
                "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer",
                "ecr:GetAuthorizationToken"
            ],
            "Resource": "*"
        }
    ]
}

You can read more here about repository policies.

-- acid_fuji
Source: StackOverflow
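
Added example (not part of the original question or answer): the policy in the answer grants all four actions on "Resource": "*". Only ecr:GetAuthorizationToken requires a wildcard resource; the three image-pull actions can be limited to specific repository ARNs. The Python below splits such a statement accordingly. The function name `scope_ecr_policy` is hypothetical and the repository ARN is a constructed placeholder.

```python
import copy
import json

# ECR actions without resource-level permission support: these must keep
# "Resource": "*". The other pull actions accept repository ARNs.
ACCOUNT_LEVEL_ACTIONS = {"ecr:GetAuthorizationToken"}

ANSWER_POLICY = {  # the policy from the answer above
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage",
                   "ecr:GetDownloadUrlForLayer", "ecr:GetAuthorizationToken"],
        "Resource": "*",
    }],
}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def scope_ecr_policy(policy, repo_arns):
    """Split wildcard-resource ECR Allow statements so that only the
    account-level actions keep "*"; the rest are limited to repo_arns."""
    scoped = {"Version": policy["Version"], "Statement": []}
    for stmt in policy["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        splittable = (
            stmt.get("Effect") == "Allow"
            and "*" in _as_list(stmt.get("Resource", []))
            and actions
            # Leave non-ECR or wildcard actions for manual review.
            and all(a.startswith("ecr:") and "*" not in a for a in actions)
        )
        if not splittable:
            scoped["Statement"].append(copy.deepcopy(stmt))
            continue
        base = {k: copy.deepcopy(v) for k, v in stmt.items()
                if k not in ("Sid", "Action", "Resource")}
        account = [a for a in actions if a in ACCOUNT_LEVEL_ACTIONS]
        repo = [a for a in actions if a not in ACCOUNT_LEVEL_ACTIONS]
        if account:
            scoped["Statement"].append({**base, "Action": account, "Resource": "*"})
        if repo:
            scoped["Statement"].append({**base, "Action": repo, "Resource": list(repo_arns)})
    return scoped

if __name__ == "__main__":
    arn = "arn:aws:ecr:us-east-1:111122223333:repository/example-app"  # constructed placeholder
    print(json.dumps(scope_ecr_policy(ANSWER_POLICY, [arn]), indent=4))
```

Statements that contain non-ECR or wildcard actions are copied through unchanged so they can be reviewed by hand.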