Minimum IAM Permissions Required to Import an EKS Cluster into Rancher
This document (000021952) is provided subject to the disclaimer at the end of this document.
Environment
- Rancher 2.x
- EKS cluster(s) provisioned and managed outside of Rancher
Situation
There is official documentation (Minimum EKS Permissions) outlining the minimum IAM permissions required to manage EKS clusters through Rancher. These permissions cover the full lifecycle of EKS cluster management, including creation, modification, and deletion of clusters.
However, in certain scenarios—particularly when restricted by internal security or compliance policies—organizations may prefer to grant IAM permissions that allow only the import of existing EKS clusters into Rancher.
For such use cases, you can refer to the reduced permission set provided in this Knowledge Base (KB) article, which is tailored specifically for the EKS import process only.
Resolution
The IAM permissions listed are the bare minimum required. Removing any of them will cause permission failures during the import process.
Note: These permissions are specifically designed to support the import process only and do not grant Rancher the ability to make configuration changes to the EKS cluster via the AWS API. If you plan to perform any actions beyond importing, such as scaling node groups, upgrading EKS, or modifying the cluster configuration, you will need to update your cloud credentials to include additional IAM permissions appropriate for those operations.
For a full list of permissions required to manage EKS clusters through Rancher, please refer to the official documentation on Minimum EKS Permissions.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EKSPermissions",
      "Effect": "Allow",
      "Action": [
        "eks:DescribeAddon",
        "eks:DescribeCluster",
        "eks:DescribeFargateProfile",
        "eks:DescribeNodegroup",
        "eks:DescribeUpdate",
        "eks:ListClusters",
        "eks:ListFargateProfiles",
        "eks:ListNodegroups",
        "eks:ListTagsForResource",
        "eks:ListUpdates",
        "eks:TagResource",
        "eks:UntagResource",
        "eks:UpdateClusterConfig",
        "eks:UpdateClusterVersion",
        "eks:UpdateNodegroupConfig",
        "eks:UpdateNodegroupVersion"
      ],
      "Resource": "*"
    }
  ]
}
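The following Python check is an added example, not part of the SUSE article or of Rancher. It compares the Allow statements of a candidate policy document against the action list above and reports required actions that are missing (which would break the import) and granted patterns that go beyond the list. The names IMPORT_ACTIONS, SAMPLE_POLICY, allowed_patterns and audit are hypothetical, the sample policy is constructed, and Deny, NotAction, Condition and Resource scoping are not evaluated.

```python
import fnmatch
import json

# Action list copied from the policy in this article.
IMPORT_ACTIONS = frozenset("""
eks:DescribeAddon eks:DescribeCluster eks:DescribeFargateProfile eks:DescribeNodegroup
eks:DescribeUpdate eks:ListClusters eks:ListFargateProfiles eks:ListNodegroups
eks:ListTagsForResource eks:ListUpdates eks:TagResource eks:UntagResource
eks:UpdateClusterConfig eks:UpdateClusterVersion eks:UpdateNodegroupConfig
eks:UpdateNodegroupVersion
""".split())

# Constructed sample (not from the article): wildcards, one unrelated action, one Deny.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["eks:Describe*", "eks:List*", "eks:TagResource", "eks:DeleteCluster"]},
    {"Effect": "Deny", "Resource": "*", "Action": "eks:UntagResource"}
  ]
}""")

def allowed_patterns(policy):
    """Collect Action patterns from Allow statements; Action may be a string or a list."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is valid IAM JSON
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            actions = stmt["Action"]
            patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns

def audit(policy):
    """Return (missing, extra): required actions not granted, patterns beyond the list."""
    patterns = allowed_patterns(policy)
    required = {a.lower(): a for a in IMPORT_ACTIONS}
    # IAM action names are case-insensitive and support * and ? wildcards.
    missing = sorted(a for low, a in required.items()
                     if not any(fnmatch.fnmatchcase(low, p.lower()) for p in patterns))
    extra = sorted(p for p in set(patterns) if p.lower() not in required)
    return missing, extra

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_POLICY)
    print("missing (import will fail):", missing)
    print("beyond import-only list:", extra)
```

Wildcard patterns are always reported as extra, because a pattern such as eks:Describe* grants more than the individual actions listed in the article.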
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000021952
- Creation Date: 30-Jul-2025
- Modified Date: 01-Aug-2025
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com