{"id":13644203,"url":"https://github.com/keikoproj/aws-auth","last_synced_at":"2026-04-01T22:52:45.494Z","repository":{"id":39627077,"uuid":"204245642","full_name":"keikoproj/aws-auth","owner":"keikoproj","description":"Manage the aws-auth config map for EKS Kubernetes clusters","archived":false,"fork":false,"pushed_at":"2025-08-01T13:44:34.000Z","size":3740,"stargazers_count":185,"open_issues_count":6,"forks_count":26,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-08-14T01:48:42.449Z","etag":null,"topics":["aws-auth","aws-authentication","configmap","eks","eks-roles","kubernetes","kubernetes-node"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keikoproj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-08-25T04:25:56.000Z","updated_at":"2025-07-20T16:38:36.000Z","dependencies_parsed_at":"2024-04-19T01:34:22.414Z","dependency_job_id":"53a9680a-bf6e-4f6d-891a-565e53c3d186","html_url":"https://github.com/keikoproj/aws-auth","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/keikoproj/aws-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Faws-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Faws-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Faws-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Faws-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keikoproj","download_url":"https://codeload.github.com/keikoproj/aws-auth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keikoproj%2Faws-auth/sbom","scorecard":{"id":553874,"data":{"date":"2025-08-11","repo":{"name":"github.com/keikoproj/aws-auth","commit":"74f8dd0da739d1124a53904da96775bf3a73bef9"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.9,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/10 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/push.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Warn: no topLevel permission defined: .github/workflows/unit-test.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/push.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/push.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/push.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/push.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/push.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/push.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/release.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/release.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/release.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/release.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/unit-test.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/unit-test.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-test.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/keikoproj/aws-auth/unit-test.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:23: pin your Docker image by updating gcr.io/distroless/base-debian11 to gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455","Warn: pipCommand not pinned by hash: Dockerfile:10-13","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  10 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.6.1 not signed: https://api.github.com/repos/keikoproj/aws-auth/releases/208574560","Warn: release artifact v0.5.0 not signed: https://api.github.com/repos/keikoproj/aws-auth/releases/122702223","Warn: release artifact v0.4.1 not signed: https://api.github.com/repos/keikoproj/aws-auth/releases/74017624","Warn: release artifact v0.4.0 not signed: https://api.github.com/repos/keikoproj/aws-auth/releases/70746687","Warn: release artifact v0.6.1 does not have provenance: https://api.github.com/repos/keikoproj/aws-auth/releases/208574560","Warn: release artifact v0.5.0 does not have provenance: https://api.github.com/repos/keikoproj/aws-auth/releases/122702223","Warn: release artifact v0.4.1 does not have provenance: https://api.github.com/repos/keikoproj/aws-auth/releases/74017624","Warn: release artifact v0.4.0 does not have provenance: https://api.github.com/repos/keikoproj/aws-auth/releases/70746687"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/push.yaml:10"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T11:46:56.267Z","repository_id":39627077,"created_at":"2025-08-20T11:46:56.267Z","updated_at":"2025-08-20T11:46:56.267Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28854538,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T22:56:21.783Z","status":"ssl_error","status_checked_at":"2026-01-28T22:56:00.861Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-auth","aws-authentication","configmap","eks","eks-roles","kubernetes","kubernetes-node"],"created_at":"2024-08-02T01:01:59.052Z","updated_at":"2026-01-28T23:07:15.505Z","avatar_url":"https://github.com/keikoproj.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"\n# aws-auth\n[![unit-test](https://github.com/keikoproj/aws-auth/actions/workflows/unit-test.yaml/badge.svg?branch=master)](https://github.com/keikoproj/aws-auth/actions/workflows/unit-test.yaml)\n[![codecov](https://codecov.io/gh/keikoproj/aws-auth/branch/master/graph/badge.svg)](https://codecov.io/gh/keikoproj/aws-auth)\n[![Go Report Card](https://goreportcard.com/badge/github.com/keikoproj/aws-auth)](https://goreportcard.com/report/github.com/keikoproj/aws-auth)\n\n\nThe `aws-auth` utility and library makes the management of the `aws-auth` ConfigMap for EKS Kubernetes clusters easier and safer.\n\n## Use cases\n\n- make bootstrapping a node group or removing/adding user access on EKS fast and easy\n\n- useful for automation purposes, any workflow that needs to grant IAM access to an EKS cluster can use this library to modify the config map.\n\n- run as part of a workflow on kubernetes using a docker image\n\nThe `aws-auth` tool is referenced in the AWS EKS best practices documentation [here](https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-tools-to-make-changes-to-the-aws-auth-configmap).\n\n## Install\n\n`aws-auth` includes both a CLI and a [go library](#usage-as-a-library). You can install the CLI via `go get` or as a kubectl plugin via [Krew](https://krew.sigs.k8s.io/) or by downloading a binary from the [releases page](https://github.com/keikoproj/aws-auth/releases).\n\n### go get\n\n```text\ngo get github.com/keikoproj/aws-auth\naws-auth help\n```\n\n### kubectl krew\n\nAlternatively, install aws-auth with the krew plugin manager for kubectl.\n\n```\nkubectl krew install aws-auth\nkubectl aws-auth\n```\n\n### Download release artifact\n\nThe latest release artifacts can be downloaded from the [GitHub releases page](https://github.com/keikoproj/aws-auth/releases/latest).\n\nOr you can use the following command to download the latest release artifact for your platform:\n\n``` bash\ncurl -s https://api.github.com/repos/keikoproj/aws-auth/releases/latest\n| grep \"browser_download_url\" \\\n| grep $(go env GOARCH) | grep $(go env GOOS) \\\n| cut -d : -f 2,3 \\\n| tr -d \\\" \\\n| wget -qi -\n```\n\n## Usage from command line or Krew\n\nEither download/install a released binary or add as a plugin to kubectl via Krew\n\n```text\n$ kubectl krew update\n$ kubectl krew install aws-auth\nInstalling plugin: aws-auth\nInstalled plugin: aws-auth\n\n$ kubectl krew aws-auth\naws-auth modifies the aws-auth configmap on eks clusters\n\nUsage:\n  aws-auth [command]\n\nAvailable Commands:\n  help               Help about any command\n  remove             remove removes a user or role from the aws-auth configmap\n  remove-by-username remove-by-username removes all map roles and map users from the aws-auth configmap\n  upsert             upsert updates or inserts a user or role to the aws-auth configmap\n  version            Version of aws-auth\n\nFlags:\n  -h, --help   help for aws-auth\n\nUse \"aws-auth [command] --help\" for more information about a command.\n```\n\nGiven a config map with the following data:\n\n```text\n$ kubectl get configmap aws-auth -n kube-system -o yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n    name: aws-auth\n    namespace: kube-system\ndata:\n  mapRoles: |\n    - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6\n      username: system:node:{{EC2PrivateDNSName}}\n      groups:\n        - system:bootstrappers\n        - system:nodes\n    - rolearn: arn:aws:iam::555555555555:role/abc\n      username: ops-user\n      groups:\n        - system:masters\n  mapUsers: |\n    - userarn: arn:aws:iam::555555555555:user/a-user\n      username: admin\n      groups:\n        - system:masters\n    - userarn: arn:aws:iam::555555555555:user/a-user\n      username: ops-user\n      groups:\n        - system:masters\n```\n\nRemove all access belonging to an ARN (both mapUser roles will be removed)\n\n```text\n$ aws-auth remove --mapusers --userarn arn:aws:iam::555555555555:user/a-user\nremoved arn:aws:iam::555555555555:user/a-user from aws-auth\n```\n\nRemove by full match (only `mapUsers[0]` will be removed)\n\n```text\n$ aws-auth remove --mapusers --userarn arn:aws:iam::555555555555:user/a-user --username admin --groups system:masters\nremoved arn:aws:iam::555555555555:user/a-user from aws-auth\n```\n\nRemove based on a username\n\nThis command removes all map roles and map users that have matching input username. In the above configmap, map role for roleARN *arn:aws:iam::555555555555:role/abc* and mapUser for userARN *arn:aws:iam::555555555555:user/a-user* will be removed.\n\n```text\n$ aws-auth remove-by-username --username ops-user\n```\n\n\nBootstrap a new node group role\n\n```text\n$ aws-auth upsert --maproles --rolearn arn:aws:iam::555555555555:role/my-new-node-group-NodeInstanceRole-74RF4UBDUKL6 --username system:node:{{EC2PrivateDNSName}} --groups system:bootstrappers system:nodes\nadded arn:aws:iam::555555555555:role/my-new-node-group-NodeInstanceRole-74RF4UBDUKL6 to aws-auth\n```\n\nYou can also add retries with exponential backoff\n\n```text\n$ aws-auth upsert --maproles --rolearn arn:aws:iam::555555555555:role/my-new-node-group-NodeInstanceRole-74RF4UBDUKL6 --username system:node:{{EC2PrivateDNSName}} --groups system:bootstrappers system:nodes --retry\n```\n\nRetries are configurable using the following flags\n\n```text\n      --retry                     Retry on failure with exponential backoff\n      --retry-max-count int       Maximum number of retries before giving up (default 12)\n      --retry-max-time duration   Maximum wait interval (default 30s)\n      --retry-min-time duration   Minimum wait interval (default 200ms)\n```\n\nAppend groups to mapping instead of overwriting by using --append\n\n```\n$ aws-auth upsert --maproles --rolearn arn:aws:iam::00000000000:role/test --username test --groups test --append\n```\n\nAvoid overwriting username by using --update-username=false\n\n```\n$ aws-auth upsert --maproles --rolearn arn:aws:iam::00000000000:role/test --username test2 --groups test --update-username=false\n```\n\nUse the `get` command to get a detailed view of mappings\n\n```\n$ aws-auth get\n\nTYPE        \tARN                                               USERNAME                         \tGROUPS\nRole Mapping\tarn:aws:iam::555555555555:role/my-new-node-group  system:node:{{EC2PrivateDNSName}}\tsystem:bootstrappers, system:nodes\n```\n\nuse impersonate\n```\naws-auth get|update|remove --as \u003cusername\u003e --as-group \u003cgroupname\u003e \n```\n\n## Usage as a library\n\n```go\n\n\npackage main\n\nimport (\n    awsauth \"github.com/keikoproj/aws-auth/pkg/mapper\"\n)\n\nfunc someFunc(client kubernetes.Interface) error {\n    awsAuth := awsauth.New(client, false)\n    myUpsertRole := \u0026awsauth.MapperArguments{\n        MapRoles: true,\n        RoleARN:  \"arn:aws:iam::555555555555:role/my-new-node-group-NodeInstanceRole-74RF4UBDUKL6\",\n        Username: \"system:node:{{EC2PrivateDNSName}}\",\n        Groups: []string{\n            \"system:bootstrappers\",\n            \"system:nodes\",\n        },\n        WithRetries: true,\n        MinRetryTime:   time.Millisecond * 100,\n        MaxRetryTime:   time.Second * 30,\n        MaxRetryCount:  12,\n    }\n\n    err = awsAuth.Upsert(myUpsertRole)\n    if err != nil {\n        return err\n    }\n}\n\n```\n\n## Run in a container\n\n```shell\n$ docker run \\\n-v ~/.kube/:/root/.kube/ \\\n-v ~/.aws/:/root/.aws/ \\\nkeikoproj/aws-auth:latest \\\naws-auth upsert --mapusers \\\n--userarn arn:aws:iam::555555555555:user/a-user \\\n--username admin \\\n--groups system:masters\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeikoproj%2Faws-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeikoproj%2Faws-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeikoproj%2Faws-auth/lists"}