eks:DeleteAccessEntry is a Write access-level action in the eks service. Grants permission to delete an Amazon EKS access entry
ARNs that eks:DeleteAccessEntry can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants eks:DeleteAccessEntry.
Filters access by a tag key and value pair
Filters access by the access entry type present in the access entry requests the user makes to the EKS service
Filters access by the clusterName present in the access entry requests the user makes to the EKS service
Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service
Filters access by the principalArn present in the access entry requests requests the user makes to the EKS service
Filters access by the Kubernetes username present in the access entry requests the user makes to the EKS service
A minimal policy that allows eks:DeleteAccessEntry. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowEksDeleteAccessEntry",
"Effect": "Allow",
"Action": "eks:DeleteAccessEntry",
"Resource": "*"
}
]
}