EKS Token


This plugin provides authentication token to access AWS EKS without AWS CLI. The major use case is to launch dynamic agent pod in any EKS cluster by Jenkins Kubernetes Plugin

Getting started

With AWS credential configured

This plugin integrates with AWS Credentials Plugin to get AWS secrets.
It supports both AWSAccessKeyId/AWSSecretKey pair and IAM Roles.

Without AWS credential configured

If this plugin has no AWS credential configured, it retrieves AWS secrets from environment variables, system properties or AWS profile.

EKS Certificate authority

The EKS certificate authority from AWS console is encoded in base64.
Decode it to get a PEM format string before use in the Kubernetes plugin.

Kubernetes Credentials Provider

This plugin supports Kubernetes Credentials Provider. A valid YAML

apiVersion: v1
kind: Secret
  # this is the jenkins id.
  name: "a-test-eks"
    # so we know what type it is.
    "jenkins.io/credentials-type": "eks"
    # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description": "eks1 token"
type: Opaque
  awsCredentialsId: YXdzLTE=
  clusterName: ZWtzMQ==
  region: dXMtd2VzdC0y

Token Algorithm

The token algorithm is from aws cli code and inspired by Programmatically Accessing an Amazon EKS Kubernetes Cluster.


Refer to our contribution guidelines


Licensed under MIT, see LICENSE