How to Install AWS IAM Authenticator on Windows/Linux/MacOs

The AWS IAM Authenticator for Kubernetes employed by Amazon EKS makes use of IAM to provide authentication to your Kubernetes cluster. Installing the AWS IAM Authenticator for Kubernetes and modifying kubectl’s configuration files to use it for authentication will allow you to configure the standard kubectl client to work with Amazon EKS.

Alternatively, you can install the AWS IAM Authenticator for Kubernetes on macOS, Linux, or Windows if you cannot run the AWS CLI version 1.16.156 or later to create the kubeconfig file.

macOS

To install aws-iam-authenticator with Homebrew

Using Homebrew will make the installation of aws-iam-authenticator simple.

1. Follow the commands below to install Homebrew on your Mac if it has not already been installed.

/bin/bash -c “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)”

• With the following command, install the aws-iam-authenticator.

brew install aws-iam-authenticator

• Make sure aws-iam-authenticator is installed and working.

aws-iam-authenticator help

Installation of the Amazon Web Services IAM Authenticator on MacOS

The steps below can also be used to install the AWS-vended version of the aws-iam-authenticator.

1. AWS-IAM-Authenticator binary can be downloaded from Amazon S3 via the Amazon EKS channel.

curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/darwin/amd64/aws-iam-authenticator

• The SHA-256 sum provided in the bucket Prefix may be used to verify the download binary.
  • Your system’s SHA-256 sum can be downloaded here.

curl -o aws-iam-authenticator.sha256 https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/darwin/amd64/aws-iam-authenticator.sha256

• Make sure the SHA-256 sum of your downloaded binary is correct.

openssl sha1 -sha256 aws-iam-authenticator

• Comparing the output of the command against the downloaded aws-iam-authenticator.sha256 file will provide you with the SHA-256 sum. This should be the same.
• Give the binary execution permissions.

chmod +x ./aws-iam-authenticator

• Ensure the binary is copied into your $PATH folder. AWS-IAMAuthenticator should be placed in $HOME/bin, and the path to that file should be in $PATH. mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
• PATH variable should be set to $HOME/bin.

echo ‘export PATH=$PATH:$HOME/bin’ >> ~/.bash_profile

• Make sure aws-iam-authenticator is installed and working.

aws-iam-authenticator help

Linux

To install aws-iam-authenticator on Linux

1. From Amazon S3, download aws-iam-authenticator for your hardware platform from the Amazon EKS online vendor.

curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator

curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/linux/arm64/aws-iam-authenticator

• Verify the download binary with the SHA-256 sum provided in your hardware’s bucket prefix.
• This link will allow you to see your system’s SHA-256 sum.

curl -o aws-iam-authenticator.sha256 https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator.sha256

curl -o aws-iam-authenticator.sha256 https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/linux/arm64/aws-iam-authenticator.sha256

• Check the SHA-256 sum of the binary you have downloaded.

openssl sha1 -sha256 aws-iam-authenticator

• Using the command output, compare the SHA-256 sum against the aws-iam-authenticator.sha256 file you downloaded. It should be the same.
• Give the binary execution permissions.

chmod +x ./aws-iam-authenticator

• Ensure the binary is copied into your $PATH folder. Ensure that $HOME/bin comes first in your $PATH by creating a $HOME/bin/aws-iamauthenticator.

mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin

• PATH environment variable should contain $HOME/bin.

echo ‘export PATH=$PATH:$HOME/bin’ >> ~/.bashrc

• Make sure aws-iam-authenticator is installed and working.

aws-iam-authenticator help

Windows

To install aws-iam-authenticator on Windows with Chocolatey

1. See Installing Chocolatey if Chocolatey is not already installed on your Windows platform.
2. The aws-iam-authenticator package can be installed using PowerShell by running the following command:

choco install -y aws-iam-authenticator

• Make sure aws-iam-authenticator is installed and working.

aws-iam-authenticator help

Windows installation guide for Amazon AWS IAM Authenticator

1. Install the AWS-iamauthenticator binary from Amazon S3 in a PowerShell terminal window by downloading the Amazon EKS vended binary.

curl -o aws-iam-authenticator.exe https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/windows/amd64/aws-iam-authenticator.exe

• Verify the downloaded binary against the SHA-256 sum that is provided within the same bucket prefix.
  • Download the SHA-256 sum for your system.

curl -o aws-iam-authenticator.sha256 https://s3.us-west-2.amazonaws.com/amazoneks/1.21.2/2021-07-05/bin/windows/amd64/aws-iam-authenticator.exe.sha256

• Your downloaded binary’s SHA-256 sum should be checked.

Get-FileHash aws-iam-authenticator.exe

• Check your downloaded SHA-256 file against the SHA-256 sum generated by the command output. It is important that they match, even though PowerShell will be written in uppercase.
  • Create a PATH folder in which to save the binary. Copy the binary to the directory you use for command-line utilities in your PATH. To do otherwise, follow these steps.
    • For example, you can create a directory called C:/bin for your command-line binaries.
    • Make a new directory in which to place the aws-iam-authenticator.exe binary.
    • By adding the new directory to your PATH environment variable, you will add it to your user or system path.
    • Delete the PowerShell terminal and start a new one, so the PATH variable is picked up.
    • Aws-IAM-Authenticator should be tested to make sure it works.

aws-iam-authenticator help