I've noticed that the `aws-auth ConfigMap` is now deprecated and I'm curious to know the reasons behind this change. AWS seems to prefer using EKS access entries instead. Can anyone explain what led to this decision and what benefits the new method offers?
5 Answers
If you're looking for a detailed write-up, check out this article: *https://towardsaws.com/enhancing-eks-access-control-ditch-the-aws-auth-configmap-for-access-entry-91683b47e6fc*. It explains the changes and benefits really well!
Exactly! The need for existing access to grant access was a major drawback. It was a nightmare for automation since messing up the config could lead to locking yourself out—definitely not ideal. With EKS access entries, you can edit things through the AWS Console or other APIs without ever needing cluster access, making it much more user-friendly and manageable.
And let's not forget about Terraform! Managing access with the config map isn't straightforward at all when using it. Access entries make it a lot easier to control everything with infrastructure as code, which is a big plus for developers.
Absolutely! It allows for better integration and management without the stress of facing a support ticket when things go wrong.
I've definitely been there—locking myself out of a new cluster because I mistakenly changed the config map. It's good to see AWS taking steps to improve usability. This really does simplify access management for everyone!
It seems like the community has been asking for changes for years. One of the biggest issues was that the config map was an in-cluster resource, which meant you had to be authenticated to make edits. Plus, when you created a cluster, AWS would automatically add the principal you used to create it as an administrator. This could lock you out of your own cluster if you accidentally deleted the config map. Now, with access entries, AWS has turned this into an API feature and hidden the config map from view, which reduces the chances of locking yourself out. You can manage access without needing to go through the cluster's API, which is a huge relief!
Right? And it also allows you to create clusters with empty access entries and add permissions as needed, which solves a lot of issues!
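To make the contrast in the answers above concrete, here is an added example (not part of any post in this thread) that translates `mapRoles` entries from an `aws-auth` ConfigMap into the equivalent `aws eks` access-entry CLI calls, all of which go through the EKS API rather than the cluster. It goes a little beyond the thread by covering node roles and `system:masters`. The cluster name, role ARNs and account ID are constructed, and the handling of `system:`-prefixed groups is an assumption of this sketch.

```python
import shlex

# Assumption: this AWS-managed access policy stands in for system:masters.
ADMIN_POLICY = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
NODE_GROUPS = {"system:bootstrappers", "system:nodes"}

# Constructed sample of aws-auth mapRoles entries (account ID is a placeholder).
SAMPLE_MAP_ROLES = [
    {"rolearn": "arn:aws:iam::111122223333:role/node-role",
     "groups": ["system:bootstrappers", "system:nodes"]},
    {"rolearn": "arn:aws:iam::111122223333:role/platform-admin",
     "groups": ["system:masters"]},
    {"rolearn": "arn:aws:iam::111122223333:role/dev",
     "groups": ["developers"]},
]


def to_access_entry_commands(cluster, map_roles):
    """Return `aws eks` argument lists; none of them needs kubectl access."""
    commands = []
    for entry in map_roles:
        arn = entry["rolearn"]
        groups = set(entry.get("groups", []))
        create = ["aws", "eks", "create-access-entry",
                  "--cluster-name", cluster, "--principal-arn", arn]
        if groups & NODE_GROUPS:
            # Node roles become a typed entry; EKS fills in username and groups.
            commands.append(create + ["--type", "EC2_LINUX"])
            continue
        # Assumption: system:-prefixed groups are not passed to access entries.
        custom = sorted(g for g in groups if not g.startswith("system:"))
        if custom:
            create += ["--kubernetes-groups", *custom]
        commands.append(create)  # username is left to the EKS default here
        if "system:masters" in groups:
            commands.append(["aws", "eks", "associate-access-policy",
                             "--cluster-name", cluster, "--principal-arn", arn,
                             "--policy-arn", ADMIN_POLICY,
                             "--access-scope", "type=cluster"])
    return commands


if __name__ == "__main__":
    for cmd in to_access_entry_commands("demo-cluster", SAMPLE_MAP_ROLES):
        print(shlex.join(cmd))
```

Access entries only take effect when the cluster's authentication mode is `API` or `API_AND_CONFIG_MAP`.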