[V2] New CLI examples for EKS (#9598)

Author: github-actions[bot]

awscli/examples/eks/associate-access-policy.rst

@@ -0,0 +1,29 @@
+**To associate an access policy and its scope to the access entry of the cluster**
+
+The following ``associate-access-policy`` associates an access policy and its scope to the access entry of the specified cluster. ::
+
+    aws eks associate-access-policy \
+        --cluster-name eks-customer \
+        --principal-arn arn:aws:iam::111122223333:role/Admin \
+        --policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy \
+        --access-scope type=namespace,namespaces=default
+
+Output::
+
+    {
+        "clusterName": "eks-customer",
+        "principalArn": "arn:aws:iam::111122223333:role/Admin",
+        "associatedAccessPolicy": {
+            "policyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy",
+            "accessScope": {
+                "type": "namespace",
+                "namespaces": [
+                    "default"
+                ]
+            },
+            "associatedAt": "2025-05-24T15:59:51.981000-05:00",
+            "modifiedAt": "2025-05-24T15:59:51.981000-05:00"
+        }
+    }
+
+For more information, see `Associate access policies with access entries <https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/create-access-entry.rst

@@ -0,0 +1,54 @@
+**Example 1: To create the access entry for EKS cluster**
+
+The following ``create-access-entry`` example creates an access entry that allows an IAM principal to access the EKS cluster. ::
+
+    aws eks create-access-entry \
+        --cluster-name eks-customer \
+        --principal-arn arn:aws:iam::111122223333:user/eks-user
+
+Output::
+
+    {
+        "accessEntry": {
+            "clusterName": "eks-customer",
+            "principalArn": "arn:aws:iam::111122223333:user/eks-user",
+            "kubernetesGroups": [],
+            "accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/user/111122223333/eks-user/a1b2c3d4-5678-90ab-cdef-a6506e3d36p0",
+            "createdAt": "2025-04-14T22:45:48.097000-05:00",
+            "modifiedAt": "2025-04-14T22:45:48.097000-05:00",
+            "tags": {},
+            "username": "arn:aws:iam::111122223333:user/eks-user",
+            "type": "STANDARD"
+        }
+    }
+
+For more information, see `Create access entries <https://docs.aws.amazon.com/eks/latest/userguide/creating-access-entries.html>`__ in the *Amazon EKS User Guide*.
+
+**Example 2: To create the access entry for EKS cluster by specifying the type of access entry**
+
+The following ``create-access-entry`` example creates an access entry of type ``EC2_LINUX`` in the EKS cluster. By default, a type ``STANDARD`` access entry is created. Apart from the default, if we specify any other access entry types, an IAM role ARN needs to be passed in the CLI. ::
+
+    aws eks create-access-entry \
+        --cluster-name eks-customer \
+        --principal-arn arn:aws:iam::111122223333:role/admin-test-ip \
+        --type EC2_LINUX
+
+Output::
+
+    {
+        "accessEntry": {
+            "clusterName": "eks-customer",
+            "principalArn": "arn:aws:iam::111122223333:role/admin-test-ip",
+            "kubernetesGroups": [
+                "system:nodes"
+            ],
+            "accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/role/111122223333/admin-test-ip/accb5418-f493-f390-3e6e-c3f19f725fcp",
+            "createdAt": "2025-05-06T19:42:45.453000-05:00",
+            "modifiedAt": "2025-05-06T19:42:45.453000-05:00",
+            "tags": {},
+            "username": "system:node:{{EC2PrivateDNSName}}",
+            "type": "EC2_LINUX"
+        }
+    }
+
+For more information, see `Create access entries <https://docs.aws.amazon.com/eks/latest/userguide/creating-access-entries.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/create-pod-identity-association.rst

@@ -0,0 +1,59 @@
+**Example 1: To create an EKS Pod Identity association in EKS cluster**
+
+The following ``create-pod-identity-association`` example creates an EKS Pod Identity association between a service account in the EKS cluster and an IAM role. ::
+
+    aws eks create-pod-identity-association \
+        --cluster-name eks-customer \
+        --namespace default \
+        --service-account default \
+        --role-arn arn:aws:iam::111122223333:role/my-role
+
+Output::
+
+    {
+        "association": {
+            "clusterName": "eks-customer",
+            "namespace": "default",
+            "serviceAccount": "default",
+            "roleArn": "arn:aws:iam::111122223333:role/my-role",
+            "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-8mvwvh57cu74mgcst",
+            "associationId": "a-8mvwvh57cu74mgcst",
+            "tags": {},
+            "createdAt": "2025-05-24T19:40:13.961000-05:00",
+            "modifiedAt": "2025-05-24T19:40:13.961000-05:00"
+        }
+    }
+
+For more information, see `Learn how EKS Pod Identity grants pods access to AWS services <https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html>`__ in the *Amazon EKS User Guide*.
+
+**Example 2: To create an EKS Pod Identity association in EKS cluster with tags**
+
+The following ``create-pod-identity-association`` creates an EKS Pod Identity association between a service account and an IAM role in the EKS cluster with tags. ::
+
+    aws eks create-pod-identity-association \
+        --cluster-name eks-customer \
+        --namespace default \
+        --service-account default \
+        --role-arn arn:aws:iam::111122223333:role/my-role \
+        --tags Key1=value1,Key2=value2
+
+Output::
+
+    {
+        "association": {
+            "clusterName": "eks-customer",
+            "namespace": "default",
+            "serviceAccount": "default",
+            "roleArn": "arn:aws:iam::111122223333:role/my-role",
+            "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgoda",
+            "associationId": "a-9njjin9gfghecgoda",
+            "tags": {
+                "Key2": "value2",
+                "Key1": "value1"
+            },
+            "createdAt": "2025-05-24T19:52:14.135000-05:00",
+            "modifiedAt": "2025-05-24T19:52:14.135000-05:00"
+        }
+    }
+
+For more information, see `Learn how EKS Pod Identity grants pods access to AWS services <https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/delete-access-entry.rst

@@ -0,0 +1,11 @@
+**To delete an access entry associated with the cluster**
+
+The following ``delete-access-entry`` deletes an access entry associated with the EKS cluster named ``eks-customer``. ::
+
+    aws eks delete-access-entry \
+        --cluster-name eks-customer \
+        --principal-arn arn:aws:iam::111122223333:role/Admin
+
+This command produces no output.
+
+For more information, see `Delete access entries <https://docs.aws.amazon.com/eks/latest/userguide/deleting-access-entries.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/delete-pod-identity-association.rst

@@ -0,0 +1,28 @@
+**To delete the EKS Pod Identity association**
+
+The following ``delete-pod-identity-association`` example deletes the EKS Pod Identity association with association ID ``a-9njjin9gfghecgocd`` from the EKS cluster named ``eks-customer``. ::
+
+    aws eks delete-pod-identity-association \
+        --cluster-name eks-customer \
+        --association-id a-9njjin9gfghecgocd
+
+Output::
+
+    {
+        "association": {
+            "clusterName": "eks-customer",
+            "namespace": "default",
+            "serviceAccount": "default",
+            "roleArn": "arn:aws:iam::111122223333:role/s3-role",
+            "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd",
+            "associationId": "a-9njjin9gfghecgocd",
+            "tags": {
+                "Key2": "value2",
+                "Key1": "value1"
+            },
+            "createdAt": "2025-05-24T19:52:14.135000-05:00",
+            "modifiedAt": "2025-05-25T21:10:56.923000-05:00"
+        }
+    }
+
+For more information, see `Learn how EKS Pod Identity grants pods access to AWS services <https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/describe-access-entry.rst

@@ -0,0 +1,25 @@
+**To describe the access entry for EKS cluster**
+
+The following ``describe-access-entry`` example describes an access entry for the EKS cluster. ::
+
+    aws eks describe-access-entry \
+        --cluster-name eks-customer \
+        --principal-arn arn:aws:iam::111122223333:user/eks-admin-user
+
+Output::
+
+    {
+        "accessEntry": {
+            "clusterName": "eks-customer",
+            "principalArn": "arn:aws:iam::111122223333:user/eks-admin-user",
+            "kubernetesGroups": [],
+            "accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/user/111122223333/eks-admin-user/0acb1bc6-cb0a-ede6-11ae-a6506e3d36p0",
+            "createdAt": "2025-04-14T22:45:48.097000-05:00",
+            "modifiedAt": "2025-04-14T22:45:48.097000-05:00",
+            "tags": {},
+            "username": "arn:aws:iam::111122223333:user/eks-admin-user",
+            "type": "STANDARD"
+        }
+    }
+
+For more information, see `Grant IAM users access to Kubernetes with EKS access entries <https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/describe-insight.rst

@@ -0,0 +1,36 @@
+**To get the details of an insight for an EKS cluster using its ID**
+
+The following ``describe-insight`` example returns the details about the insight specified using the cluster name and insight ID. ::
+
+    aws eks describe-insight \
+        --cluster-name eks-customer \
+        --id 38ea7a64-a14f-4e0e-95c7-8dbcab3c3623
+
+Output::
+
+    {
+        "insight": {
+            "id": "38ea7a64-a14f-4e0e-95c7-8dbcab3c3623",
+            "name": "Kubelet version skew",
+            "category": "UPGRADE_READINESS",
+            "kubernetesVersion": "1.33",
+            "lastRefreshTime": "2025-05-24T11:22:50-05:00",
+            "lastTransitionTime": "2025-05-24T11:22:50-05:00",
+            "description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause noncompliance with supported Kubernetes kubelet version skew policy.",
+            "insightStatus": {
+                "status": "PASSING",
+                "reason": "Node kubelet versions match the cluster control plane version."
+            },
+            "recommendation": "Upgrade your worker nodes to match the Kubernetes version of your cluster control plane.",
+            "additionalInfo": {
+                "Kubelet version skew policy": "https://kubernetes.io/releases/version-skew-policy/#kubelet",
+                "Updating a managed node group": "https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html"
+            },
+            "resources": [],
+            "categorySpecificSummary": {
+                "deprecationDetails": []
+            }
+        }
+    }
+
+For more information, see `View cluster insights <https://docs.aws.amazon.com/eks/latest/userguide/view-cluster-insights.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/describe-pod-identity-association.rst

@@ -0,0 +1,28 @@
+**To provide the details about Pod Identity association**
+
+The following ``describe-pod-identity-association`` example describes a Pod Identity association in the EKS cluster. ::
+
+    aws eks describe-pod-identity-association \
+        --cluster-name eks-customer \
+        --association-id a-9njjin9gfghecgocd
+
+Output::
+
+    {
+        "association": {
+            "clusterName": "eks-customer",
+            "namespace": "default",
+            "serviceAccount": "default",
+            "roleArn": "arn:aws:iam::111122223333:role/my-role",
+            "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd",
+            "associationId": "a-9njjin9gfghecgocd",
+            "tags": {
+                "Key2": "value2",
+                "Key1": "value1"
+            },
+            "createdAt": "2025-05-24T19:52:14.135000-05:00",
+            "modifiedAt": "2025-05-24T19:52:14.135000-05:00"
+        }
+    }
+
+For more information, see `Learn how EKS Pod Identity grants pods access to AWS services <https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/disassociate-access-policy.rst

@@ -0,0 +1,12 @@
+**To disassociate the access policy from an access entry**
+
+The following ``disassociate-access-policy`` removes the access policy associated with the access entry. ::
+
+    aws eks disassociate-access-policy \
+        --cluster-name eks-customer \
+        --principal-arn arn:aws:iam::111122223333:role/Admin \
+        --policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy
+
+This command produces no output.
+
+For more information, see `Associate access policies with access entries <https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html>`__ in the *Amazon EKS User Guide*.

awscli/examples/eks/list-access-entries.rst

@@ -0,0 +1,19 @@
+**To list the access entries for an EKS cluster**
+
+The following ``list-access-entries`` returns the list of access entries associated with the EKS cluster ``eks-customer``. ::
+
+    aws eks list-access-entries \
+        --cluster-name eks-customer
+
+Output::
+
+    {
+        "accessEntries": [
+            "arn:aws:iam::111122223333:role/Admin",
+            "arn:aws:iam::111122223333:role/admin-test-ip",
+            "arn:aws:iam::111122223333:role/assume-worker-node-role",
+            "arn:aws:iam::111122223333:user/eks-admin-user"
+        ]
+    }
+
+For more information, see `Grant IAM users access to Kubernetes with EKS access entries <https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html>`__ in the *Amazon EKS User Guide*.