Principle of Least Privilege

Adhering to the principle of least privilege is crucial when allocating permissions, ensuring that the Service Account (SA) receives only the rights essential for executing the necessary tasks. Specifically, it is vital to avoid employing AWS account root privileges for deploying and managing the YOUnite cluster.

Note: These pages are intended to help with creating the IAM cluster administrator (Cluster SA). They are subject to change; the authoritative reference is AWS' documentation:

Example

An AWS account administrator logs into the account that the YOUnite Kubernetes Cluster will run from, selects Add User from the Identity and Access Management (IAM) dashboard, and performs the following:

[Screenshots: AWS CreateIAM 1, AWS CreateIAM 2a]

Create a group (e.g. younite-devops) and attach the following policies to it:

[Screenshots: AWS CreateIAM 2b through 2f, showing the policies attached to the group]

Skip the optional "Add Tags" page (unless, of course, you want to add a tag), then add the user.

[Screenshot: AWS CreateIAM 3]

Use one of the methods described above to get the Access Key ID and Secret Access Key, and keep them in a safe place.
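The same steps as the console walkthrough above, as an added AWS CLI script that is not part of the original page, with a guard that refuses to run when the CLI is authenticated as the account root. The user name and the policy ARNs are placeholders (assumptions), since the page shows the attached policies only in screenshots.

```shell
#!/bin/sh
# Added example: create the YOUnite cluster SA group/user with the AWS CLI.
# Not the page's own tooling; names and policy ARNs below are placeholders.
set -eu

GROUP_NAME="${GROUP_NAME:-younite-devops}"       # group name from the page
USER_NAME="${USER_NAME:-younite-cluster-sa}"      # assumed SA user name
# Placeholder: replace with the policies shown in the page's screenshots.
POLICY_ARNS="${POLICY_ARNS:-arn:aws:iam::aws:policy/REPLACE_WITH_REQUIRED_POLICY}"

# Return 0 (true) if an IAM ARN is the account root identity, else 1.
# Root ARNs have the form arn:<partition>:iam::<account-id>:root
is_root_arn() {
  case "$1" in
    arn:*:iam::*:root) return 0 ;;
    *) return 1 ;;
  esac
}

# Refuse to continue when the current caller is the account root user.
require_non_root_caller() {
  caller_arn="$(aws sts get-caller-identity --query Arn --output text)"
  if is_root_arn "$caller_arn"; then
    echo "refusing to run as account root ($caller_arn); use an IAM admin user" >&2
    return 1
  fi
}

# Create the group, attach its policies, create the user, add it to the
# group, and issue one access key pair (printed once; store it securely).
create_cluster_sa() {
  require_non_root_caller
  aws iam create-group --group-name "$GROUP_NAME"
  for policy_arn in $POLICY_ARNS; do
    aws iam attach-group-policy --group-name "$GROUP_NAME" --policy-arn "$policy_arn"
  done
  aws iam create-user --user-name "$USER_NAME"
  aws iam add-user-to-group --group-name "$GROUP_NAME" --user-name "$USER_NAME"
  aws iam create-access-key --user-name "$USER_NAME" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Usage: sh create_cluster_sa.sh create   (no argument only defines functions)
if [ "${1:-}" = "create" ]; then
  create_cluster_sa
fi
```

Set POLICY_ARNS to a space-separated list of the policy ARNs the page's screenshots show before running with the `create` argument.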