Add AWS EKS clusters with One-Click AWS Integration#
Lens premium subscription feature. See details on Lens Pricing.
This page contains instructions for One-Click AWS Integration.
One-Click AWS Integration allows you to connect Amazon Elastic Kubernetes Service (Amazon EKS or AWS EKS) clusters within Lens Desktop without installing and configuring AWS CLI.
To access your AWS EKS clusters, select one of the following options:
-
Sign in with AWS SSO
Connect to your AWS profile through a web-browser dialog menu.
-
Access Key Sign-in (IAM User)
Connect to your AWS profile with the user access keys.
-
Connect via IAM Role
Connect to your AWS profile with the unique identifier (ARN) of the IAM role.
Info
Although logging in your AWS profile might work without a VPN connection, connecting to an AWS EKS cluster itself may require one. This depends on the network policies of your organization. Contact your network administrators to determine whether a VPN connection is necessary.
Sign in with AWS SSO#
- In Kubernetes Clusters EKS, click Add AWS Profile and select Sign in with AWS SSO to access AWS using your company profile.
-
Paste your AWS SSO Start URL into the input field and click Next.
Tip
The AWS SSO Start URL has the following format:
Find AWS SSO Start URL in your AWS access portal, or contact an AWS administrator of your organization account.https://<sso-portal>.awsapps.com/start
-
In the Add AWS Profile modal, memorize the authorization code and click Open in browser. If you are not logged into your AWS account, a browser tab opens with a sign in form.
- In the browser tab, verify that the displayed code matches the one from the previous step, and click Confirm and continue. Complete the remaining steps and return to Lens Desktop.
- In the Add AWS Profile modal, select the AWS profile.
- Optional. If there are multiple IAM roles in your profile, select one that you are going to use.
After completing these steps, the AWS profile appears in Navigator with the clock icon displaying the validity period of current credentials. After passing the expiration time, the lock icon appears upon the profile. You can update your credentials by clicking the icon and repeating the steps above.
In the video below, you can watch the integration process:
Access Key Sign-in (IAM User)#
To connect using access keys from your AWS profile:
- In Kubernetes Clusters EKS, click Add AWS Profile and choose Access Key Sign-in (IAM User).
-
In the Add AWS Profile modal, enter the user access keys:
Access key Comment AWS Access Key ID Required. Copy from <aws-profile-name> Access keys. AWS Secret Access Key Required. Copy from <aws-profile-name> Access keys. AWS Session Token Optional. If necessary, copy from <aws-profile-name> Access keys. Click Next to finish the process.
As a result, AWS EKS clusters from the profile appear at Kubernetes Clusters EKS.
Connect via IAM Role#
Some cases, in which you may need using an AWS IAM role:
-
Enterprise environment features
You might have access to an AWS profile, but an AWS IAM role might be required to access clusters within the profile.
-
Multiple profiles setup
Clusters you need, can possibly be in sub-profiles, and to access the latter and IAM role is required.
-
Level of user permissions
Your personal permissions in an AWS profile might be insufficient to access clusters.
To connect using AWS IAM role:
- In Kubernetes Clusters EKS, click Add AWS Profile and choose Connect via IAM Role.
-
In the Add AWS Profile modal:
- Select an AWS profile
- Enter the role ARN (Amazon Resource Name)
- Optional, enter the session name
Click Next to finish the process
As a result, AWS EKS clusters from the profile appear at Kubernetes Clusters EKS.
See also
-
Overview of Amazon Elastic Kubernetes Service
-
First steps with AWS CLI
-
An article about configuring AWS CLI to retrieve credentials to run AWS CLI commands
Configuring IAM Identity Center authentication with the AWS CLI
-
An article about organizing and storing credentials in config files
Configuration and credential file settings for details.
-
An example of creating a kubeconfig file for an Amazon EKS cluster
-
An example of configuring Amazon EKS single sign-on