How to check current assumed role/user in the SSO account to access EKS resources in the console

Time:10-14

We have SSO configured in the main AWS account and we log in to the child AWS account using that SSO link. Now we have created an EKS cluster in the child account but we are not able to view the Node and other resources due to aws-auth config settings. How to check the current role we have assumed in the child account so that we can update the same in the aws-auth configmap of the EKS cluster so that we would be able to see them?

CodePudding user response:

Use the aws cli,

aws sts get-caller-identity --profile <profileName>

will return the assumed role in the form of

"arn:aws:sts::AccountId:assumed-role/RoleName/SSOemail"

and pass the RoleName in --role-name parameter as shown below, this should give you what you ask for.

aws iam get-role --role-name RoleName --profile profileName

Adding some additional info on setting up SSO login from your localhost using the AWS CLI: essentially you just need to have the AWS CLI and a config file that has the entries below. You can create the config file on your host and then point to it using an env variable.

ConfigFile:

[default]
region = region
output = yaml

[profile myProfileName]
sso_start_url = 
sso_region = 
sso_account_id = 
sso_role_name = 
region = 
output = json

and set env variable to the path of your file that holds the profiles,

export AWS_CONFIG_FILE=/path/to/the/config/file

then you can log in to your account using

aws sso login --profile myProfileName

and then you will be able to execute the above commands. This is a very neat way to manage and troubleshoot your organization accounts via a single point.
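Added example (not part of the answer above): the aws-auth ConfigMap expects an IAM role ARN without a path, while get-caller-identity prints an STS assumed-role ARN and get-role prints the SSO role with its /aws-reserved/sso.amazonaws.com/ path. The functions below convert either form. The account ID, role name, username and group in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: derive the path-less IAM role ARN that aws-auth mapRoles expects.

# arn:<p>:sts::<acct>:assumed-role/<RoleName>/<session> -> arn:<p>:iam::<acct>:role/<RoleName>
sts_to_role_arn() {
    arn=$1
    case $arn in
        arn:*:sts::*:assumed-role/*/*) ;;
        *) echo "not an assumed-role ARN: $arn" >&2; return 1 ;;
    esac
    partition=$(printf '%s' "$arn" | cut -d: -f2)
    account=$(printf '%s' "$arn" | cut -d: -f5)
    # Field 6 onward is "assumed-role/RoleName/session"; the role name is its 2nd part.
    role=$(printf '%s' "$arn" | cut -d: -f6- | cut -d/ -f2)
    printf 'arn:%s:iam::%s:role/%s\n' "$partition" "$account" "$role"
}

# arn:<p>:iam::<acct>:role/some/path/<RoleName> -> arn:<p>:iam::<acct>:role/<RoleName>
strip_role_path() {
    arn=$1
    case $arn in
        arn:*:iam::*:role/*) ;;
        *) echo "not an IAM role ARN: $arn" >&2; return 1 ;;
    esac
    printf '%s:role/%s\n' "${arn%%:role/*}" "${arn##*/}"
}

# Print one mapRoles entry. Arguments: caller ARN, username, Kubernetes group.
map_roles_entry() {
    role_arn=$(sts_to_role_arn "$1") || return 1
    printf '%s\n' "- rolearn: $role_arn" "  username: $2" "  groups:" "    - $3"
}

# Constructed sample input. In real use, take the ARN from:
#   aws sts get-caller-identity --query Arn --output text --profile <profileName>
SAMPLE_ARN='arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_ExamplePermSet_0123456789abcdef/user@example.com'
# "sso-user" and "example-console-viewers" are placeholders; the group must be
# bound to an RBAC role in the cluster that grants only the access intended.
map_roles_entry "$SAMPLE_ARN" sso-user example-console-viewers
```

Every user of that SSO permission set assumes the same role, so the group chosen for the mapping applies to all of them.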
