AWS EKS: How is the first user added to system:masters group by EKS

Question

EKS documentation says

\"When you create an Amazon EKS cluster, the IAM entity (user or role) is automatically granted system:master permissions in the c

Answer 1

when you create your cluster, you also install aws-iam-authenticator, and since you created the cluster, I'm sure you have ~/.aws/credentials.

If you check the aws-auth file you can see it has aws-iam-authenticator in it.

also you have ~/.kube/config file where you can see that iam-authenticator maps your AWS-PROFILE as a ConfigMap.

so when over you run kubectl commandit reads kube config file to authenticate with your cluster.