EKS Kubeconfig Authentication: Native kubectl Access Without the AWS CLI

Atmos now supports native EKS kubeconfig authentication through the integrations system. When you authenticate with an identity, Atmos automatically generates kubeconfig entries for linked EKS clusters, giving you seamless kubectl access without requiring the AWS CLI.

What Changed

The atmos auth system now supports EKS integrations that automatically provision kubeconfig when you log in:

• aws/eks integration kind - Configure EKS clusters as integrations linked to identities
• atmos aws eks token command - kubectl exec credential plugin for short-lived token generation
• Enhanced atmos aws eks update-kubeconfig - New --integration and --identity flags for Go SDK-based kubeconfig generation
• Automatic cleanup - Kubeconfig entries are removed when you log out

Why This Matters

Previously, accessing EKS clusters required installing the AWS CLI, running aws eks update-kubeconfig, and managing credentials separately. Now everything is managed through your atmos.yaml configuration:

auth:
  integrations:
    dev/eks:
      kind: aws/eks
      via:
        identity: dev-admin
      spec:
        cluster:
          name: dev-cluster
          region: us-east-2
          alias: dev

A single atmos auth login dev-admin provisions both AWS credentials and kubeconfig entries. kubectl automatically calls atmos aws eks token for fresh tokens when needed.

How to Use It

1. Add an EKS integration to your atmos.yaml linking a cluster to an identity
2. Run atmos auth login <identity> - kubeconfig is auto-provisioned
3. Use kubectl --context <alias> get pods - tokens are generated automatically

See the EKS Kubeconfig Authentication Tutorial for a complete setup guide.

Get Involved

Have feedback or questions? Open an issue on GitHub.