How do you authenticate kubectl to an EKS cluster (aws-auth / access entries)?

AWS · Intermediate level

Answer

kubectl authenticates to EKS with AWS IAM; Kubernetes authorization then decides what the caller can do. Historically, access mapping was done in the aws-auth ConfigMap; access entries provide an access model managed through the EKS API, but RBAC still controls in-cluster permissions.

Technical explanation

Authentication is IAM-based, but Kubernetes RBAC or access policies still define what the caller can do.
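To make the IAM half concrete: the bearer token kubectl presents is the prefix `k8s-aws-v1.` followed by a base64url-encoded presigned STS `GetCallerIdentity` URL, which the cluster sends to STS to learn the caller's ARN before any mapping or RBAC applies. The Python below is an added example, not code from this page or from AWS; the token is constructed with a placeholder key ID and signature, and the checks are this example's own review checks rather than the authenticator's validation logic.

```python
import base64
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

PREFIX = "k8s-aws-v1."

def make_sample_token(issued="20240101T120000Z"):
    """Constructed sample: placeholder key ID and signature, not a usable credential."""
    query = urlencode({
        "Action": "GetCallerIdentity", "Version": "2011-06-15",
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": "AKIAIOSFODNN7EXAMPLE/20240101/us-east-1/sts/aws4_request",
        "X-Amz-Date": issued, "X-Amz-Expires": "60",
        "X-Amz-SignedHeaders": "host;x-k8s-aws-id",
        "X-Amz-Signature": "0" * 64,
    })
    url = "https://sts.us-east-1.amazonaws.com/?" + query
    return PREFIX + base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def inspect_eks_token(token, now):
    """Decode the token and report what it asserts plus any structural problems."""
    if not token.startswith(PREFIX):
        raise ValueError("not an EKS IAM token")
    body = token[len(PREFIX):]
    # The token drops base64 padding; restore it before decoding.
    url = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)).decode()
    parts = urlsplit(url)
    host = parts.hostname or ""
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    lifetime = int(q["X-Amz-Expires"])
    signed = q["X-Amz-SignedHeaders"].split(";")
    problems = []
    if q.get("Action") != "GetCallerIdentity":
        problems.append("action is not GetCallerIdentity")
    # Assumption: commercial partition, where STS hosts end in .amazonaws.com.
    if not (host.startswith("sts.") and host.endswith(".amazonaws.com")):
        problems.append("host is not an STS endpoint")
    if "x-k8s-aws-id" not in signed:
        problems.append("cluster header x-k8s-aws-id is not signed")
    if now > issued + timedelta(seconds=lifetime):
        problems.append("declared validity window has passed")
    return {"host": host, "access_key_id": q["X-Amz-Credential"].split("/")[0],
            "issued": issued, "lifetime_s": lifetime,
            "signed_headers": signed, "problems": problems}

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
    for key, value in inspect_eks_token(make_sample_token(), now).items():
        print(f"{key}: {value}")
```

The token carries no Kubernetes username or group: those come from the aws-auth mapping or access entry matched to the ARN that STS returns, which is why a valid token alone grants nothing in the cluster.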

EKS is managed Kubernetes, not no-ops Kubernetes: IAM, networking, add-ons, node strategy, upgrades, RBAC, policies, and workload reliability remain customer responsibilities.

Workload identity, private networking, image security, ingress standards, autoscaling, and observability are foundational controls for production clusters.

Troubleshooting EKS requires separating control-plane, node, CNI, scheduler, ingress, and application failure domains.

Hands-on example

1. Create or use an EKS sandbox cluster with private subnets, managed add-ons, workload IAM, and a sample namespace.

2. Deploy a small container from ECR using Kubernetes manifests or Helm, with readiness/liveness probes and resource requests.

3. Add ingress/load balancing, pod IAM, logging, metrics, and network/security controls relevant to the question.

4. Test node replacement, pod rescheduling, image pulls, access control, and rollback.
