Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github.com/aws-observability/amp-eks-iam

Package Overview
Dependencies
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/aws-observability/amp-eks-iam

Source
Go
Version
v0.0.0-20230301182651-f5e74a1906c4
Version published
Created
Source

🔑 amp-eks-iam

amp-eks-iam creates an IAM role to give remote write privileges to an EKS service account. If you are collecting Prometheus metrics on EKS and want to send them to Amazon Managed Service for Prometheus (AMP), you can use this tool to give minimal privileges to your Kubernetes namespace and service account.

Installation

$ go get github.com/aws-observability/amp-eks-iam

Usage

amp-eks-iam <cluster flags> [options...]

amp-eks-iam creates the required IAM policies and roles to give
remote write priviledges to an EKS service account.

Example:
$ amp-eks-iam \
   -region=us-east-1 -cluster=eks-cluster

Cluster flags:
-cluster         EKS cluster name.

Options:
-namespace       Kubernetes namespace to apply the policy to. By default, "prometheus".
-service-account Kubernetes service account to apply the policy to. By default, the namespace.
-role            IAM role name to create, default is
                 "EKS-AMP-ServiceAccount-{region}-{cluster}-{namespace}-{sa}".
-region          AWS region of the EKS cluster.

By default, amp-eks-iam creates the role and the privileges for the "prometheus" Kubernetes namespace and service account. You can specify your own namespaces and service accounts. For example, if you are deploying Grafana Agent as explained in this article, use the following command:

$ amp-eks-iam \
   -region=us-east-1 -cluster=eks-cluster \
   -namespace=grafana-agent \
   -service-account=grafana-agent

Troubleshooting

If you received an error telling "roleName" is above the character limits like below,

2021/02/20 09:46:27 Cannot create IAM role: failed to create the IAM role: ValidationError: 1 validation error detected: Value 'EKS-AMP-ServiceAccount-us-west-2-demo-prometheusdeployment-prometheusdeploymentaccount' at 'roleName' failed to satisfy constraint: Member must have length less than or equal to 64

You can set a custom role name with -role:

$ amp-eks-iam \
   -region=us-east-1 -cluster=eks-cluster \
   -role AMPIngestRole

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

FAQs

Package last updated on 01 Mar 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm

Security News

Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm

Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.

By Philipp Burckhardt  -  Nov 14, 2025
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover

Research

/

Security News

Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover

A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.

By Kirill Boychenko  -  Nov 12, 2025