Verify the Role and Binding

This workshop has been deprecated and archived. The new Amazon EKS Workshop is now available at

Now that the user, Role, and RoleBinding are defined, lets switch back to rbac-user, and test.

To switch back to rbac-user, issue the following command that sources the rbac-user env vars, and verifies they’ve taken:

.; aws sts get-caller-identity

You should see output reflecting that you are logged in as rbac-user.

As rbac-user, issue the following to get pods in the rbac namespace:

kubectl get pods -n rbac-test

The output should be similar to:

NAME                    READY     STATUS    RESTARTS   AGE
nginx-55bd7c9fd-kmbkf   1/1       Running   0          23h

Try running the same command again, but outside of the rbac-test namespace:

kubectl get pods -n kube-system

You should get an error similar to:

No resources found.
Error from server (Forbidden): pods is forbidden: User "rbac-user" cannot list resource "pods" in API group "" in the namespace "kube-system"

Because the role you are bound to does not give you access to any namespace other than rbac-test.