Releasing IAM EKS User Mapper in open-source
So, why did we decide to build this? Well, at Qovery, we saw how tedious and error-prone it can be to manually handle cluster access. We thought, "There's got to be a better way!" And thus, the IAM EKS User Mapper was born, crafted with love in Rust 🦀. Why Rust, you ask? It's simple: for its unparalleled performance and reliability. We wanted a tool as robust and dependable as your needs.
Here’s a sneak peek into what makes this tool a must-have:
- Group Users Sync: Say goodbye to the hassle of manually updating access rights. This feature automatically syncs IAM users from groups directly into your Kubernetes cluster’s aws-auth configmap. It's all about making your life easier.
- SSO Support: We know how crucial SSO is for secure and efficient access management. That’s why our tool supports SSO roles in the aws-auth configmap, making it a breeze for users to connect to the cluster.
By open-sourcing the IAM EKS User Mapper, we’re inviting you to join in, contribute, and help shape the future of Kubernetes access management. Whether you're bug hunting, suggesting new features, or coding up a storm, we’re here for it and appreciate your input.
We’d love to hear from you. How do you currently handle Kubernetes cluster access? Any challenges or tips you'd like to share? Your experiences and feedback are gold to us. Please use this reddit thread or open an issue on GitHub if you want to share your experience.
In a nutshell, the IAM EKS User Mapper is our way of making Kubernetes management a little less stressful and a lot more secure. We can’t wait to see how you use it and make it even better.
Repository: IAM EKS User Mapper Repository
.svg)
.svg)
.svg)
Suggested articles
Scaling your deployments to zero is only half the battle. If your cluster autoscaler does not aggressively bin-pack and terminate the underlying worker nodes, you are still paying for idle metal. True environment sleeping requires tight integration between your ingress layer and your node provisioner to actually realize FinOps savings.
The biggest mistake enterprises make when evaluating Kubernetes management platforms is confusing infrastructure provisioning with Day-2 operations. Tools like Terraform or kOps are excellent for spinning up the underlying EC2 instances and networking, but they do absolutely nothing to prevent configuration drift, automate certificate rotation, or right-size your idle workloads once the cluster is actually running.
For years, Red Hat OpenShift has been the safe choice for heavily regulated, on-premise environments. It operates as a secure fortress. But in the public cloud, that fortress acts as an expensive prison. Paying proprietary per-core licensing fees on top of your standard AWS or GCP compute bill is a redundant "middleware tax." Escaping OpenShift requires decoupling your infrastructure from your developer experience by running standard, vanilla Kubernetes paired with an agentic control plane.
Agentic Kubernetes resource reclamation is the practice of using an autonomous control plane to continuously identify, suspend, and delete idle infrastructure across a multi-cloud Kubernetes fleet. It replaces manual cleanup and reactive autoscaling with intent-based policies that act on business state, eliminating the configuration drift and cloud waste typical of unmanaged fleets.
Kubernetes focuses on container orchestration, but the reality on the ground is far less forgiving. Provisioning a single cluster is a trivial Day-1 exercise. The true operational nightmare begins on Day 2. Teams that treat multi-cloud fleets like isolated pets inevitably face crushing YAML configuration drift, runaway AWS bills, and severe scaling bottlenecks.
Rancher solved the Day-1 problem of launching clusters across disparate bare-metal environments. But in 2026, launching clusters is no longer the bottleneck. The real failure point is Day-2: managing the operational chaos, security patching, and configuration drift on top of them. Rancher is a heavy, ops-focused fleet manager that completely ignores the application developer. If your goal is developer velocity and automated FinOps, you must graduate from basic fleet management to an intent-based Kubernetes Management Platform like Qovery.
The shift from AI copilots to autonomous agents is redefining infrastructure requirements. Discover how to build secure, stateful, and compliant Agentic AI systems using Kubernetes, sandboxing, and observability while meeting EU AI Act standards
.webp)