AWS EKS
Early Access
This integration is in early access. Features and configuration may change.
Connect your AWS EKS clusters to analyze Kubernetes resources, deployments, and service topology.
Prerequisites
- An AWS account with EKS clusters
- Permissions to create IAM roles and policies
- Access to configure EKS cluster access entries
Setup Steps
Step 1: Create an IAM Policy
Create a custom IAM policy with the following permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eks:DescribeCluster",
        "eks:ListClusters",
        "eks:AccessKubernetesApi"
      ],
      "Resource": "*"
    }
  ]
}
Step 2: Create an IAM Role
- Create a new IAM role for web identity federation
- Configure the trust relationship to allow OpenTrace to assume the role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "accounts.google.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "accounts.google.com:aud": "YOUR_OPENTRACE_CLIENT_ID"
        }
      }
    }
  ]
}
- Attach the policy created in Step 1 to this role
- Note the Role ARN for the next steps
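Before attaching the policy and handing over the Role ARN, the two documents from Steps 1 and 2 can be checked offline. The following is an added example, not OpenTrace's own code; the function names `audit_permissions` and `audit_trust` and the sample policy are hypothetical. It flags any allowed action beyond the three listed in Step 1, and any trust statement that lacks the audience condition or still carries the placeholder client ID, since that condition is what restricts the role to tokens issued for the OpenTrace client.

```python
import json

# Actions and audience key taken from Steps 1 and 2 of this page.
ALLOWED_ACTIONS = {"eks:DescribeCluster", "eks:ListClusters", "eks:AccessKubernetesApi"}
AUD_KEY = "accounts.google.com:aud"
PLACEHOLDER = "YOUR_OPENTRACE_CLIENT_ID"

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def audit_permissions(policy):
    """Flag any allowed action beyond the three the page lists (wildcards included)."""
    return [f"unexpected action: {a}"
            for s in _allow_statements(policy)
            for a in _as_list(s.get("Action", []))
            if a not in ALLOWED_ACTIONS]

def audit_trust(policy):
    """Flag trust statements that differ from the Step 2 shape or keep the placeholder."""
    findings = []
    for s in _allow_statements(policy):
        principal = s.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if federated != "accounts.google.com":
            findings.append("principal is not the accounts.google.com federation")
        if _as_list(s.get("Action", [])) != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append("action is not only sts:AssumeRoleWithWebIdentity")
        aud = s.get("Condition", {}).get("StringEquals", {}).get(AUD_KEY)
        if not aud:
            findings.append(f"missing StringEquals condition on {AUD_KEY}")
        elif PLACEHOLDER in _as_list(aud):
            findings.append("audience is still the placeholder value")
    return findings

# Constructed sample: a trust policy with the audience condition dropped.
SAMPLE_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "accounts.google.com"},
    "Action": "sts:AssumeRoleWithWebIdentity"
  }]
}""")

if __name__ == "__main__":
    for finding in audit_trust(SAMPLE_TRUST):
        print("FINDING:", finding)
```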
Step 3: Configure EKS Access Entries
For each EKS cluster you want to connect:
- Go to your EKS cluster in the AWS Console
- Navigate to Access > Access entries
- Click Create access entry
- Enter the IAM Role ARN from Step 2
- Add the AmazonEKSViewPolicy access policy
Step 4: Connect in OpenTrace
- Navigate to Integrations > AWS EKS in the OpenTrace UI
- Enter your IAM Role ARN
- Add your EKS cluster details (name and region)
- Click Connect
What Gets Collected
- Cluster configuration
- Namespace and deployment information
- Service topology
- Pod and container status
- Resource relationships
Data Collection
OpenTrace collects Kubernetes resource metadata only. No sensitive data, such as secrets or environment variables, is accessed.