Opal + AWS EKS

Product Overview

Amazon Elastic Kubernetes Service (Amazon EKS) is a fully-managed, certified Kubernetes conformant service that simplifies the process of building, securing, operating, and maintaining Kubernetes clusters on AWS. Amazon EKS integrates with core AWS services such as CloudWatch, Auto Scaling Groups, and IAM to provide a seamless experience for monitoring, scaling and load balancing your containerized applications.

Integration Overview

Opal lets you define fine-grained access controls to Kubernetes clusters on EKS using federated IAM sessions. This simplifies and unifies access controls to AWS IAM while enabling developers to connect easily and request new access to many different clusters. Similar to other integrations, sessions are logged and captured with attribution.

Use cases

1. Modern Access Management

Opal integrates with EKS clusters with granular access levels. Using Opal, customers can:

  • Grant just-in-time access to critical resources that are auto-expiring and fully audited
  • Enable resource owners with the most context to approve access requests and provision access automatically via Slack
  • Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more
  • Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report
  • Automatically escalate privileges (and revoke access) when developers are on-call via integrations with PagerDuty and Opsgenie

2. Privileged Access Management

To support native developer workflows, Opal has:

  • Easy way for developers to start sessions via the web or CLI
  • Audit logs for user attribution

Integration Setup

EC2 can be imported using Opal's AWS connectors.

1. In the Apps sidebar, click on "New App", and select Amazon Web Services

2. Opal requires an IAM user to manage your AWS Cloud on your behalf. To simplify the process of creating a user with the proper IAM policies, you can use our official CloudFormation Stack to automatically generate one.

  1. Once the user is created, admins just need to fill out the form to add user access key ID and user secret access key.

Connect with our team