# Aks Clusters

Platform9 can connect to AWS and import any existing EKS clusters, bringing them under the management of Platform9 to enable centralized administration. Once a cluster has been imported and the [External Cluster Operator](https://platform9.com/docs/kubernetes/external-cluster-operator) has been installed, Platform9 enables you to:

* View EKS clusters alongside [BareOS](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/bareos-what-is-bareos/README.md), [Azure Native Clusters](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/azure-prerequisites/README.md) and [AWS Native Clusters](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/aws-prerequisites/README.md)
* View and Edit RBAC configuration
* View and Manage Cluster Workloads
* Use the Application Catalog to deploy Helm 3 apps
* Deploy Platform9 Monitoring

**IAM User Role/Group**

Platform9 requires that the user that owns the Secret Key and Access Key be part of the `system:masters` group on each EKS cluster. We recommend that a service account be created within AWS and added to all EKS clusters. To validate IAM access, download the [cloud provider IAM check](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/cloud-provider-iam-check/README.md) CLI.

### AWS EKS Cluster Import

To help centralize and simplify multi-cluster and hybrid Kubernetes deployments Platform9 can import existing EKS Clusters. Imported clusters have a limited set of functionality compared to AWS Native Clusters; Platform9 does not support any lifecycle actions for imported clusters or kubeconfig generation.

A full comparison of AWS Native Clusters vs EKS Imports can be found [here](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/eks-vs-aws-native-cluster-faq/README.md).

## Pre-requisites for EKS Cluster Imports

### AWS Service Account

Platform9 recommends that a service account be created in AWS and an associated Secret Key and Access Key be set up for connecting Platform9 and AWS.

### Access Key and Secret Key

PMK requires that you specify an **AWS access key ID** and associated **secret access key** for a single IAM user in your AWS account. The keys are used to import EKS clusters and perform all cluster actions. The account that owns the Access Key and Secret Key must have access to the AWS EKS API for all List and Describe endpoints as detailed here: <https://docs.aws.amazon.com/eks/latest/APIReference/Welcome.html>

### EKS Cluster Permissions

For data collection to function correctly, the AWS user used to import the cluster must be added to the cluster's RBAC ConfigMap. The entry must give either the User/Service Account, or a Role that the Service Account is enrolled in, access to the cluster through the `system:masters` group.

To add the service account used to import the cluster to the EKS Cluster follow the steps outlined by AWS - [Provide Access for IAM Users and Roles to Existing EKS Clusters](https://aws.amazon.com/premiumsupport/knowledge-center/amazon-eks-cluster-access/)

### EKS Cluster API Server Access

{% hint style="danger" %}
**EKS Cluster Access and Service Account User**

The Service Account or User that owns the Access Key and Secret Key must have `system:masters` group access on the EKS clusters that are being imported.
{% endhint %}

For PMK to function correctly, the EKS cluster's API server must be available on a Public or Public+Private endpoint. Clusters with a Private-only endpoint will import; however, only the Cluster and Cluster Details dashboards will function.
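A pre-import check covering the Access Key permissions and API server endpoint requirements above. This is an added example, not Platform9 code. The function names, the `READ_ACTIONS` subset and the sample inputs are assumptions made for illustration; the inputs are an IAM policy document and the JSON returned by `aws eks describe-cluster`.

```python
import json
from fnmatch import fnmatchcase

# Illustrative subset of EKS read-only actions; the page asks for all List and Describe endpoints.
READ_ACTIONS = ["eks:ListClusters", "eks:DescribeCluster",
                "eks:ListNodegroups", "eks:DescribeNodegroup",
                "eks:ListAddons", "eks:DescribeAddon"]

def allow_patterns(policy):
    """Return the Action patterns of every Allow statement in an IAM policy document."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # IAM permits a single statement object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            actions = stmt.get("Action", [])
            patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns

def audit_policy(policy):
    """Return (missing, excess): read actions not granted, and grants beyond EKS List/Describe.
    Simplification: Deny statements, NotAction, Resource and Condition are not evaluated."""
    patterns = allow_patterns(policy)
    missing = [a for a in READ_ACTIONS
               if not any(fnmatchcase(a.lower(), p.lower()) for p in patterns)]
    excess = [p for p in patterns
              if not p.lower().startswith(("eks:list", "eks:describe"))]
    return missing, excess

def endpoint_mode(describe_cluster):
    """Classify API server exposure from `aws eks describe-cluster` JSON output."""
    vpc = describe_cluster["cluster"]["resourcesVpcConfig"]
    if vpc.get("endpointPublicAccess"):
        return "public+private" if vpc.get("endpointPrivateAccess") else "public"
    # Per this page: the cluster imports, but only Cluster and Cluster Details dashboards work.
    return "private-only"

# Constructed sample inputs (not real account data).
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["eks:List*", "eks:DescribeCluster", "eks:DeleteCluster"]}]}""")
SAMPLE_CLUSTER = {"cluster": {"name": "demo", "resourcesVpcConfig":
                  {"endpointPublicAccess": False, "endpointPrivateAccess": True}}}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))    # missing read actions, grants beyond read-only
    print(endpoint_mode(SAMPLE_CLUSTER))  # exposure class of the sample cluster
```

Anything reported in `excess` is a grant beyond the List and Describe access this page asks for and is worth reviewing before the key pair is stored in Platform9.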

## Importing an EKS Cluster

### Create Accounts

To import an EKS cluster, users must first:

1. Create a service account for Platform9 in AWS
2. Create an Access Key/Secret Key pair for that service account
3. Grant the service account access to each EKS cluster
4. Create an AWS Cloud Provider within Platform9

### Import Clusters

Once the Cloud provider has been added, users can import any EKS cluster that the Service Account has access to.

Below are the steps to import an EKS Cluster.

1. Within AWS, create a [service account](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) for Platform9
2. Generate an [access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for the service account
3. Grant the service account [access to each EKS cluster](https://aws.amazon.com/premiumsupport/knowledge-center/amazon-eks-cluster-access/)
4. Log into Platform9 and navigate to Infrastructure → Cloud Providers tab
5. On the Cloud Providers tab, click “+ Add Cloud Provider”
6. Provide a Name for the Cloud Provider and the Access Key/Secret Key pair for the Service Account, then click Next
7. Once the Cloud Provider is validated, save the credentials to Platform9
8. Validate the Cloud Provider has access to the regions you are running EKS clusters and then click Done
9. Navigate to the *Infrastructure → Clusters* tab and select '*Import*' from the Add Cluster button
10. Select AWS as the target cloud and click “Import EKS Cluster”
11. Select the Cloud Provider configured with EKS Cluster Access and click Next
12. Select each region where EKS clusters are running and select each cluster to be imported. Several clusters can be imported in one action. Once all clusters are selected, click Next.
13. Review the final list for import and click “Import”
14. **IMPORTANT:** [ECO](/kubernetes/external-cluster-operator) must be installed into each cluster after import to ensure that Platform9 can communicate with the cluster's API server
15. Install ECO for each imported cluster


