Tags: amazon-web-services, kubernetes, security, amazon-eks

Avoiding hardcoding secrets into ~/.kube/config


I'd like to configure the kubectl tool to use the variables defined in my current shell in order to connect to the cluster, rather than pointing to the profile defined in a ~/.aws/credentials file, for security reasons.

This works with the normal aws command already, as well as terraform which is what I'm using to provision my resources.

I'm sourcing the values into my shell before running commands via the 1Password CLI tool. Is it possible to have the kubectl command use the values already defined in my current shell environment (currently $AWS_ACCESS_KEY_ID and $AWS_SECRET_ACCESS_KEY) rather than using the configuration file?

If not, how do you typically avoid hardcoding AWS keys into local configuration files that let you connect to an EKS cluster on AWS?


Solution

  • The kubectl command is not using the aws credentials, but the context configuration in $HOME/.kube/config

    You may configure the k8s context using the aws eks command, which uses the env variables. btw — I suggest always providing AWS_REGION too, along with the credentials

    aws eks update-kubeconfig --region region-code --name my-cluster
    

    Then check the kubectl context; it should be configured

    kubectl config get-contexts
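As an added example (not part of the answer above, and not code from the aws or kubectl projects), the script below shows what the approach in the answer should leave on disk and how to verify it: a kubeconfig written by `aws eks update-kubeconfig` carries no key material, only an exec stanza that runs `aws eks get-token` at connection time, which is why the AWS_* variables sourced into the shell are enough. The two kubeconfig files are constructed samples with placeholder values (the account id, cluster name, server URL and key strings are invented); `check_kubeconfig` flags a file that embeds static secrets, and `env_creds_present` confirms the shell has the three variables the plugin needs, AWS_REGION included.

```shell
#!/bin/sh
# Added example, not the answer author's code. Verifies that a kubeconfig
# relies on the `aws eks get-token` exec plugin (which reads AWS_* from the
# environment) instead of carrying static credentials, and that the shell
# has the variables the plugin needs. All file contents are constructed samples.

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Shape written by `aws eks update-kubeconfig` (approximated here): no secret
# in the file, only an exec stanza that shells out to the aws CLI.
GOOD_KUBECONFIG="$WORKDIR/good.yaml"
cat > "$GOOD_KUBECONFIG" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: arn:aws:eks:region-code:111122223333:cluster/my-cluster
  cluster:
    server: https://EXAMPLE.gr7.region-code.eks.amazonaws.com
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t
users:
- name: arn:aws:eks:region-code:111122223333:cluster/my-cluster
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      args: [--region, region-code, eks, get-token, --cluster-name, my-cluster]
EOF

# Anti-pattern (constructed): static key material pasted into the user entry.
BAD_KUBECONFIG="$WORKDIR/bad.yaml"
cat > "$BAD_KUBECONFIG" <<'EOF'
apiVersion: v1
kind: Config
users:
- name: my-cluster-user
  user:
    token: PLACEHOLDER-STATIC-TOKEN
    exec:
      command: aws
      args: [eks, get-token, --cluster-name, my-cluster]
      env:
      - name: AWS_ACCESS_KEY_ID
        value: AKIAPLACEHOLDER
      - name: AWS_SECRET_ACCESS_KEY
        value: PLACEHOLDERSECRET
EOF

# Returns 0 if the kubeconfig embeds no static secret, 1 if it does.
check_kubeconfig() {
  f=$1
  rc=0
  # Fields that hold a long-lived secret directly.
  if grep -Eq '^[[:space:]]*(token|password|client-key-data):' "$f"; then
    echo "$f: static credential field present"
    rc=1
  fi
  # AWS keys pinned into the exec plugin's env block.
  if grep -Eq 'AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)' "$f"; then
    echo "$f: AWS key material embedded in exec env"
    rc=1
  fi
  return $rc
}

# Returns 0 if the exec plugin will find its credentials in the current shell.
env_creds_present() {
  [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$AWS_REGION" ]
}

# Stand-alone run: report on both samples and on the shell environment.
check_kubeconfig "$GOOD_KUBECONFIG" && echo "good.yaml: no static secrets"
check_kubeconfig "$BAD_KUBECONFIG" || echo "bad.yaml: flagged"
if env_creds_present; then
  echo "env: AWS credentials and region present"
else
  echo "env: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION are not all set"
fi
```

Run `check_kubeconfig ~/.kube/config` after `aws eks update-kubeconfig` to confirm nothing was written that would need rotating if the file leaked; the only thing in it should be the exec stanza, and the secrets stay in the 1Password-sourced shell.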