Releasing IAM EKS User Mapper in open-source
So, why did we decide to build this? Well, at Qovery, we saw how tedious and error-prone it can be to manually handle cluster access. We thought, "There's got to be a better way!" And thus, the IAM EKS User Mapper was born, crafted with love in Rust 🦀. Why Rust, you ask? It's simple: for its unparalleled performance and reliability. We wanted a tool as robust and dependable as your needs.
Here’s a sneak peek into what makes this tool a must-have:
- Group Users Sync: Say goodbye to the hassle of manually updating access rights. This feature automatically syncs IAM users from groups directly into your Kubernetes cluster’s aws-auth configmap. It's all about making your life easier.
- SSO Support: We know how crucial SSO is for secure and efficient access management. That’s why our tool supports SSO roles in the aws-auth configmap, making it a breeze for users to connect to the cluster.
By open-sourcing the IAM EKS User Mapper, we’re inviting you to join in, contribute, and help shape the future of Kubernetes access management. Whether you're bug hunting, suggesting new features, or coding up a storm, we’re here for it and appreciate your input.
We’d love to hear from you. How do you currently handle Kubernetes cluster access? Any challenges or tips you'd like to share? Your experiences and feedback are gold to us. Please use this reddit thread or open an issue on GitHub if you want to share your experience.
In a nutshell, the IAM EKS User Mapper is our way of making Kubernetes management a little less stressful and a lot more secure. We can’t wait to see how you use it and make it even better.
Repository: IAM EKS User Mapper Repository
.svg)
.svg)
.svg)
Suggested articles
Kubernetes success is determined by Day 2 execution, not Day 1 deployment. While migration is a bounded project, maintenance is an infinite loop that often consumes 40% of senior engineering capacity. To protect margins and velocity, enterprises must transition from manual toil to agentic automation that handles scaling, security, and cost.
Day-0 is planning, Day-1 is deployment, and Day-2 is the infinite lifecycle of maintenance. While Day-0/1 are foundational, Day-2 is where enterprise operational debt accumulates. At fleet scale (1,000+ clusters), managing these differences manually is impossible, requiring agentic automation to maintain stability and eliminate toil.
A multi-cluster Kubernetes architecture distributes application workloads across geographically separated clusters rather than a single environment. This strategy strictly isolates failure domains, ensures regional data compliance, and guarantees global high availability, but demands centralized Day-2 control to prevent exponential cloud costs and operational sprawl.
Stop overpaying for Kubernetes observability. Learn how in-cluster monitoring and AI-driven troubleshooting with Qovery Observe can eliminate APM ingestion fees, reduce SRE bottlenecks, and make your cloud costs predictable.
Kubernetes multi-cluster management is the Day-2 operational practice of orchestrating applications, security, and configurations across geographically distributed clusters. Because native Kubernetes was designed for single-cluster orchestration, enterprise platform teams must implement a centralized control plane to prevent configuration drift and manage a global fleet without scaling manual toil.
Achieving zero-downtime deployments on Kubernetes requires more than running multiple pods. It demands a standardized architecture utilizing Pod Disruption Budgets (PDBs), precise liveness and readiness probes, pod anti-affinity, and graceful termination handling. At an enterprise scale, these configurations must be enforced via a centralized control plane to prevent catastrophic configuration drift.
.webp)