https://github.com/camptocamp/aws-iam-authenticator-proxy

A simple HTTP proxy to share AWS IAM authentication
https://github.com/camptocamp/aws-iam-authenticator-proxy

amazon-web-services authentication aws eks kubernetes proxy

Last synced: 5 months ago
JSON representation

A simple HTTP proxy to share AWS IAM authentication

• Host: GitHub
• URL: https://github.com/camptocamp/aws-iam-authenticator-proxy
• Owner: camptocamp
• License: apache-2.0
• Created: 2018-11-01T09:45:52.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2022-11-29T14:42:33.000Z (over 3 years ago)
• Last Synced: 2024-06-19T19:39:58.703Z (about 2 years ago)
• Topics: amazon-web-services, authentication, aws, eks, kubernetes, proxy
• Language: Makefile
• Size: 73.2 KB
• Stars: 2
• Watchers: 10
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
aws-iam-authenticator HTTP Proxy

================================

[![Docker Pulls](https://img.shields.io/docker/pulls/camptocamp/aws-iam-authenticator-proxy.svg)](https://hub.docker.com/r/camptocamp/aws-iam-authenticator-proxy/)

[![Go Report Card](https://goreportcard.com/badge/github.com/camptocamp/aws-iam-authenticator-proxy)](https://goreportcard.com/report/github.com/camptocamp/aws-iam-authenticator-proxy)

[![By Camptocamp](https://img.shields.io/badge/by-camptocamp-fb7047.svg)](http://www.camptocamp.com)

Amazon Services require valid accounts to be used. This proxy allows external

users to access an AWS EKS cluster without requiring access to AWS credentials.

**Disclaimer**: the proxy does not implement any form of authentication. You are

responsible for implementing whatever security measure you wish to enforce in

front of it.

### Example usage

In order to give access to an AWS EKS cluster without distribution credentials,

you can start the proxy with the necessary credentials as well as the cluster ID. For example, using Docker:

```bash

$ docker run --rm -p 8080:8080 \

             -e AWS_ACCESS_KEY_ID= \

             -e AWS_SECRET_ACCESS_KEY= \

             -e EKS_CLUSTER_ID= \

             -e PSK="mysecretstring" \

    camptocamp/aws-iam-authenticator-proxy:latest

```

You should then be able to retrieve authentication tokens for your user at

http://localhost:8080.

If a PSK is passed, you will need to pass its value in the URL as http://localhost:8080?psk=mysecretstring.

You can set up your `~/.kube/config` to use the `exec` authentication mechanism

using `curl`:

```yaml

users:

- name: 

  user:

    exec:

      apiVersion: client.authentication.k8s.io/v1alpha1

      command: curl

      args:

        - -s

        - "http://:8080/"

```