1. Introduction

As Kubernetes adoption grows across organizations, controlling who can do what inside a cluster becomes critical. In Amazon EKS, this challenge is compounded by the interaction between AWS IAM, EKS authentication, and Kubernetes RBAC.

In many teams, developers only need to deploy and update applications, not manage cluster infrastructure or access sensitive data such as secrets. Granting them full admin access increases risk and violates the principle of least privilege.

In this blog, I will walk through a real-world, production-ready RBAC implementation in Amazon EKS that allows a QA/deployment user to:

- Update deployments
- Monitor rollouts
- Push images to ECR

…while explicitly restricting all administrative and destructive actions.

2. What is RBAC and Why Do We Need It?

RBAC (Role-Based Access Control) is a Kubernetes authorization mechanism that controls who can access which resources and perform which actions inside a cluster.

RBAC answers three key questions:

- Who is the user or service?…