Add Amazon (AWS) EKS clusters#
Lens Desktop supports access to multiple Amazon Elastic Kubernetes Service (Amazon EKS or AWS EKS) clusters.
You can connect to your AWS EKS in several ways:
-
Adding a cluster using One-Click AWS EKS integration
This feature is available for paid subscription users and allows you to connect to EKS clusters through the One-Click AWS EKS integration without installing and configuring AWS CLI.
-
Fetching clusters with AWS CLI
If you already have AWS CLI installed and configured, Lens Desktop will detect and display available clusters. However, it requires staying logged into your AWS profile.
-
Updating local kubeconfig file
You can update your kubeconfig file using AWS CLI, and then continue working with EKS clusters locally.
Info
Although logging in your AWS profile might work without a VPN connection, connecting to an AWS EKS cluster itself may require one. This depends on the network policies of your organization. Contact your network administrators to determine whether a VPN connection is necessary.
Add a cluster using One-Click AWS EKS integration#
Lens paid subscription feature
- In Kubernetes Clusters > EKS, click Add AWS Profile and select Sign in with AWS SSO to access AWS using your company profile.
-
Paste your AWS SSO Start URL into the input field and click Next.
Tip
The AWS SSO Start URL has the following format:
Find AWS SSO Start URL in your AWS access portal, or contact an AWS administrator of your organization account.https://<sso-portal>.awsapps.com/start -
In the Add AWS Profile modal, memorize the authorization code and click Open in browser. If you are not logged into your AWS account, a browser tab opens with a sign in form.
- In the browser tab, verify that the displayed code matches the one from the previous step, and click Confirm and continue. Complete the remaining steps and return to Lens Desktop.
- In the Add AWS Profile modal, select the AWS profile.
- Optional. If there are multiple IAM roles in your profile, select one that you are going to use.
After completing these steps, Lens Desktop displays available EKS clusters from your AWS profile.
In the video below, you can watch the integration process:
Connect to clusters using AWS CLI#
With properly installed and configured AWS CLI, you can detect EKS clusters or update local kubeconfig file.
Some cases in which you might need to integrate your Amazon EKS clusters through AWS CLI:
-
SSO Authentication Issues
Firewall, VPN, or proxy restrictions might block the AWS SSO login flow.
-
Corporate Policies
Organization restrictions or the use of AWS IAM Identity Center (SSO).
-
Legacy or Custom Environments
Manual kubeconfig management requirements due to custom authentication or network setups.
-
User Preferences
Personal user preferences regarding control over kubeconfig files or the use of external automated scripts.
Prerequisites#
To add an AWS EKS cluster to Lens Desktop, you need to install and configure AWS CLI. See Get started with AWS CLI and Configuration and credential file settings for details.
Detect an AWS EKS cluster#
To detect your clusters automatically, you need to have the AWS CLI tool configured to the AWS profiles corresponding to your clusters. In this scenario, Lens Desktop displays available AWS EKS clusters in Kubernetes Clusters >AWS EKS. However, this way requires you to stay logged in AWS, as Lens Desktop relies on the active AWS session to access the profiles configured in AWS CLI. It enables fetching the available clusters from those AWS profiles. If you are logged out of AWS CLI, Lens Desktop displays the lock icon next to each profile signalling that authentication is required. Click the icon to log into the AWS system from Lens Desktop, or log in from AWS CLI.
Add an AWS EKS cluster to the kubeconfig file#
To update your local kubeconfig file, use the aws eks update-kubeconfig AWS CLI utility. The config file gets the AWS EKS cluster configurations, which enables Lens Desktop to discover the cluster similarly to kubectl. In this case, you can access your cluster at Kubernetes Clusters > Local Kubeconfigs.
To add an AWS EKS cluster:
-
Required only at the initial session. Configure the AWS SSO session:
If the parameters are specified correctly, an SSO authentication page opens to confirm that the request has been approved. After returning to the CLI tool, if you have multiple AWS accounts, select the one that corresponds to the target cluster.aws configure sso SSO session name (Recommended): <sso-name> SSO start URL [None]: https://<sso-portal>.awsapps.com/start SSO region [None]: <region-name> -
Start the AWS SSO session:
An SSO authentication page opens to confirm that the request has been approved. After returning to the CLI tool, if you have several AWS accounts, select the one that corresponds to the target cluster.aws sso login -
Update your local kubeconfig file:
Info
As the AWS account region and the cluster region may differ, specify the region that corresponds to the cluster.
aws eks --region <region-name> update-kubeconfig --name <cluster-name> -
Check if kubeconfig file has been updated:
kubectl config get-contextsSystem response example:
CURRENT NAME CLUSTER AUTHINFO NAMESPACE aks-lens-cluster aks-lens-cluster clusterUser_aks-lens-resource-group_aks-lens-cluster * arn:aws:eks:eu-north-1:841310725496:cluster/exciting-classical-ant arn:aws:eks:eu-north-1:841310725496:cluster/exciting-classical-ant arn:aws:eks:eu-north-1:841310725496:cluster/exciting-classical-ant docker-desktop docker-desktop docker-desktop -
Open Lens Desktop and check if the new cluster appears in Navigator > Local Kubeconfigs section.
See also
-
Overview of Amazon Elastic Kubernetes Service
-
First steps with AWS CLI
-
An article about configuring AWS CLI to retrieve credentials to run AWS CLI commands
Configuring IAM Identity Center authentication with the AWS CLI
-
An article about organizing and storing credentials in config files
Configuration and credential file settings for details.
-
An example of creating a kubeconfig file for an Amazon EKS cluster
-
An example of configuring Amazon EKS single sign-on