@jesperfj
Created October 12, 2024 22:05

When you create an EKS cluster, only the IAM principal (user or role) that created it is granted access to the Kubernetes API. Another IAM user with AdministratorAccess in the same AWS account can still manage the cluster through the AWS API (describe it, change its configuration, delete it), but kubectl answers "Unauthorized", because Kubernetes authorization inside the cluster is separate from IAM authorization.

This gets tricky if the cluster was created by someone else who assumed a role into the account: the implicit cluster-admin grant is tied to that role's ARN, so anyone who can assume the same role inherits it, and for a cluster that only uses the aws-auth ConfigMap the creator's identity is not shown anywhere in the console or API.

There are two ways (that I know of) to provide additional access. One is to add the principal to the aws-auth ConfigMap in the kube-system namespace. Editing that ConfigMap requires Kubernetes access, so it has to be done by a principal that already has it, which at this point is only the creator. It is also easy to lock everyone out with a malformed mapRoles or mapUsers entry, since a broken ConfigMap breaks IAM authentication for the whole cluster.

Another option is the EKS access entry API, exposed as the AWS::EKS::AccessEntry resource in CloudFormation and as aws_eks_access_entry plus aws_eks_access_policy_association in Terraform. Access entries are managed through the AWS EKS API, so they only need IAM permissions (eks:CreateAccessEntry, eks:AssociateAccessPolicy), not existing Kubernetes access; this is what makes it possible for a different administrator to grant themselves access. The resource can be confusing because it has a PolicyArn, but that ARN names an EKS cluster access policy, not an IAM policy, so searching the IAM documentation turns up nothing. One prerequisite: the cluster's authentication mode must be API or API_AND_CONFIG_MAP (set via the access config on the cluster); older clusters default to CONFIG_MAP and reject access entries until the mode is updated. Here's what worked for me:

    "MyAccessEntry": {
      "Type": "AWS::EKS::AccessEntry",
      "Properties": {
        "ClusterName": "<your-cluster-name>",
        "PrincipalArn": "<arn-of-the-iam-user-or-role-who-should-have-access>",
        "Username": "admin",
        "AccessPolicies": [
          {
            "PolicyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy",
            "AccessScope": {
              "Type": "cluster"
            }
          }
        ]
      }
    }

The documentation for AccessPolicies is pretty vague, but the above gives the principal in PrincipalArn cluster-admin rights. A few notes: PrincipalArn must be the IAM user or role ARN, not an assumed-role session ARN; Username is optional and AWS recommends leaving it out so EKS derives one from the principal (which also keeps audit logs tied to the IAM identity); and AmazonEKSClusterAdminPolicy is the broadest of the predefined policies. AmazonEKSAdminPolicy, AmazonEKSEditPolicy and AmazonEKSViewPolicy exist too, and an AccessScope of type "namespace" with a Namespaces list restricts a policy to specific namespaces when cluster-wide admin is more than the principal needs.
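The Terraform equivalent of the resource above, as an added example that is not part of the original gist. It uses the hashicorp/aws provider's aws_eks_access_entry and aws_eks_access_policy_association resources; the variable names, the second read-only principal and the "payments" namespace are illustrative assumptions, and the second pair of resources goes beyond the gist to show the namespace-scoped, least-privilege form.

```hcl
# Added example (not from the gist): Terraform form of the CloudFormation
# AWS::EKS::AccessEntry shown above. Variable names, the read-only principal
# and the "payments" namespace are assumptions for illustration.

variable "cluster_name" {
  type = string
}

variable "admin_principal_arn" {
  description = "IAM user or role ARN (not an assumed-role session ARN) that should get cluster-admin"
  type        = string
}

variable "readonly_principal_arn" {
  description = "IAM principal that should only read one namespace"
  type        = string
}

# Prerequisite: the cluster's authentication mode must be API or
# API_AND_CONFIG_MAP. For a cluster not managed in this configuration, run
#   aws eks update-cluster-config --name <cluster> \
#     --access-config authenticationMode=API_AND_CONFIG_MAP
# once before applying; access entries are rejected in CONFIG_MAP mode.

# 1. One access entry per IAM principal. It is created through the EKS API,
#    so the caller needs IAM permissions (eks:CreateAccessEntry,
#    eks:AssociateAccessPolicy), not existing Kubernetes access.
resource "aws_eks_access_entry" "admin" {
  cluster_name  = var.cluster_name
  principal_arn = var.admin_principal_arn
  type          = "STANDARD"
  # user_name and kubernetes_groups are left unset on purpose: EKS derives a
  # username from the principal, which keeps audit log entries tied to the
  # IAM identity.
}

# 2. Cluster-wide admin: the same PolicyArn and AccessScope as the
#    CloudFormation snippet. Referencing the entry's principal_arn makes
#    Terraform create the entry before the association.
resource "aws_eks_access_policy_association" "admin" {
  cluster_name  = var.cluster_name
  principal_arn = aws_eks_access_entry.admin.principal_arn
  policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"

  access_scope {
    type = "cluster"
  }
}

# 3. Least-privilege variant: view-only, limited to one namespace.
resource "aws_eks_access_entry" "readonly" {
  cluster_name  = var.cluster_name
  principal_arn = var.readonly_principal_arn
  type          = "STANDARD"
}

resource "aws_eks_access_policy_association" "readonly" {
  cluster_name  = var.cluster_name
  principal_arn = aws_eks_access_entry.readonly.principal_arn
  policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"

  access_scope {
    type       = "namespace"
    namespaces = ["payments"]
  }
}
```

After `terraform apply`, `aws eks list-associated-access-policies --cluster-name <cluster> --principal-arn <arn>` shows the policy and scope that were attached, and running `aws eks update-kubeconfig` followed by `kubectl auth can-i '*' '*'` as the admin principal should answer "yes", while the read-only principal should get "yes" only for `kubectl auth can-i get pods -n payments` and "no" elsewhere. Keep the number of principals holding AmazonEKSClusterAdminPolicy small and audit them with `aws eks list-access-entries`, since each one is equivalent to system:masters.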
