Releasing IAM EKS User Mapper in open-source
So, why did we decide to build this? Well, at Qovery, we saw how tedious and error-prone it can be to manually handle cluster access. We thought, "There's got to be a better way!" And thus, the IAM EKS User Mapper was born, crafted with love in Rust 🦀. Why Rust, you ask? It's simple: for its unparalleled performance and reliability. We wanted a tool as robust and dependable as your needs.
Here’s a sneak peek into what makes this tool a must-have:
- Group Users Sync: Say goodbye to the hassle of manually updating access rights. This feature automatically syncs IAM users from groups directly into your Kubernetes cluster’s aws-auth configmap. It's all about making your life easier.
- SSO Support: We know how crucial SSO is for secure and efficient access management. That’s why our tool supports SSO roles in the aws-auth configmap, making it a breeze for users to connect to the cluster.
By open-sourcing the IAM EKS User Mapper, we’re inviting you to join in, contribute, and help shape the future of Kubernetes access management. Whether you're bug hunting, suggesting new features, or coding up a storm, we’re here for it and appreciate your input.
We’d love to hear from you. How do you currently handle Kubernetes cluster access? Any challenges or tips you'd like to share? Your experiences and feedback are gold to us. Please use this reddit thread or open an issue on GitHub if you want to share your experience.
In a nutshell, the IAM EKS User Mapper is our way of making Kubernetes management a little less stressful and a lot more secure. We can’t wait to see how you use it and make it even better.
Repository: IAM EKS User Mapper Repository
.svg)
.svg)
.svg)
Suggested articles
Agentic Kubernetes resource reclamation is the practice of using an autonomous control plane to continuously identify, suspend, and delete idle infrastructure across a multi-cloud Kubernetes fleet. It replaces manual cleanup and reactive autoscaling with intent-based policies that act on business state, eliminating the configuration drift and cloud waste typical of unmanaged fleets.
Kubernetes focuses on container orchestration, but the reality on the ground is far less forgiving. Provisioning a single cluster is a trivial Day-1 exercise. The true operational nightmare begins on Day 2. Teams that treat multi-cloud fleets like isolated pets inevitably face crushing YAML configuration drift, runaway AWS bills, and severe scaling bottlenecks.
The shift from AI copilots to autonomous agents is redefining infrastructure requirements. Discover how to build secure, stateful, and compliant Agentic AI systems using Kubernetes, sandboxing, and observability while meeting EU AI Act standards
Effective Kubernetes management in 2026 demands a shift from manual cluster building to intent-based fleet orchestration. By implementing agentic automation on standard EKS, GKE, or AKS clusters, enterprises eliminate operational weight, prevent configuration drift, and proactively control cloud spend without vendor lock-in, enabling effective scaling across massive fleets.
A Kubernetes single pane of glass is a centralized management layer that unifies visibility, access control, cost allocation, and policy enforcement across § cluster in an enterprise fleet for all cloud providers. It replaces the fragmented practice of switching between AWS, GCP, and Azure consoles to govern infrastructure, giving platform teams a single source of truth for multi-cloud Kubernetes operations.
Deploying a Docker container on Kubernetes requires building an image, authenticating with a registry, writing YAML deployment manifests, configuring services, and executing kubectl commands. While necessary to understand, executing this manual workflow across thousands of clusters causes severe configuration drift. Enterprise platform teams use agentic platforms to automate the entire deployment lifecycle.
Optimizing Kubernetes on AWS is less about raw compute and more about surviving Day-2 operations. A standard failure mode occurs when teams scale the control plane while ignoring Amazon VPC IP exhaustion. When the cluster autoscaler triggers, nodes provision but pods fail to schedule due to IP depletion. Effective scaling requires network foresight before compute allocation.
At enterprise scale, managing provider-specific Kubernetes YAML across multiple clouds creates crippling configuration drift and operational toil. By adopting an agentic Kubernetes management platform, infrastructure teams abstract cloud-specific configurations (like ingress controllers and storage classes) into a single, declarative intent that automatically reconciles across 1,000+ clusters.
.webp)