AWS Setup Guide

Prerequisites

• AWS account with EKS clusters
• IAM user or role with appropriate permissions
• Access to AWS Console or CLI

Step 1: Create IAM Policy

Create an IAM policy with the necessary permissions for discovery and identity verification:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eks:ListClusters",
        "eks:DescribeCluster",
        "ec2:DescribeRegions",
        "sts:GetCallerIdentity"
      ],
      "Resource": "*"
    }
  ]
}

Step 2: Create IAM User

1. Go to IAM → Users in the AWS Console
2. Click "Add users"
3. Name it "korpro-reader"
4. Attach the policy you created in Step 1
5. Click "Create user"

Step 3: Generate Access Keys

1. Click on the IAM user you created
2. Go to the "Security credentials" tab
3. Click "Create access key"
4. Select "Application running outside AWS"
5. Download or copy the Access Key ID and Secret Access Key

Step 4: Connect to KorPro

1. In KorPro, go to Settings → Cloud Providers → AWS
2. Click "Add AWS Account"
3. Enter your Access Key ID and Secret Access Key
4. Select the AWS regions where your EKS clusters are located
5. Click "Connect"

Step 5: Grant EKS Cluster Access (per cluster)

For EKS, IAM permissions alone are not enough to query the Kubernetes API. You must grant the IAM principal access to each EKS cluster. In the AWS Console, go to EKS → Clusters → [Your Cluster] → Access tab. Create an Access entry for your principal ARN (e.g., arn:aws:iam::ACCOUNT_ID:user/korpro-reader).

Step 6: Attach an EKS Access Policy

After creating the access entry, you must attach an EKS access policy. We recommend associating AmazonEKSViewPolicy. Wait 1-2 minutes for propagation before retrying the analysis.

Troubleshooting