:doc:`EKS <../../eks>` / Client / describe_access_entry

*********************
describe_access_entry
*********************



.. py:method:: EKS.Client.describe_access_entry(**kwargs)

  

  Describes an access entry.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeAccessEntry>`_  


  **Request Syntax**
  ::

    response = client.describe_access_entry(
        clusterName='string',
        principalArn='string'
    )
    
  :type clusterName: string
  :param clusterName: **[REQUIRED]** 

    The name of your cluster.

    

  
  :type principalArn: string
  :param principalArn: **[REQUIRED]** 

    The ARN of the IAM principal for the ``AccessEntry``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'accessEntry': {
              'clusterName': 'string',
              'principalArn': 'string',
              'kubernetesGroups': [
                  'string',
              ],
              'accessEntryArn': 'string',
              'createdAt': datetime(2015, 1, 1),
              'modifiedAt': datetime(2015, 1, 1),
              'tags': {
                  'string': 'string'
              },
              'username': 'string',
              'type': 'string'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **accessEntry** *(dict) --* 

        Information about the access entry.

        
        

        - **clusterName** *(string) --* 

          The name of your cluster.

          
        

        - **principalArn** *(string) --* 

          The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the ``roleID`` or ``userID`` (you can see this with the Security Token Service ``GetCallerIdentity`` API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal's ``roleID`` or ``userID`` for an access entry, Amazon EKS stores it with the access entry.

          
        

        - **kubernetesGroups** *(list) --* 

          A ``name`` that you've specified in a Kubernetes ``RoleBinding`` or ``ClusterRoleBinding`` object so that Kubernetes authorizes the ``principalARN`` access to cluster objects.

          
          

          - *(string) --* 
      
        

        - **accessEntryArn** *(string) --* 

          The ARN of the access entry.

          
        

        - **createdAt** *(datetime) --* 

          The Unix epoch timestamp at object creation.

          
        

        - **modifiedAt** *(datetime) --* 

          The Unix epoch timestamp for the last modification to the object.

          
        

        - **tags** *(dict) --* 

          Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

          
          

          - *(string) --* 

            One part of a key-value pair that make up a tag. A ``key`` is a general label that acts like a category for more specific tag values.

            
            

            - *(string) --* 

              The optional part of a key-value pair that make up a tag. A ``value`` acts as a descriptor within a tag category (key).

              
      
    
        

        - **username** *(string) --* 

          The ``name`` of a user that can authenticate to your cluster.

          
        

        - **type** *(string) --* 

          The type of the access entry.

          
    
  
  **Exceptions**
  
  *   :py:class:`EKS.Client.exceptions.ServerException`

  
  *   :py:class:`EKS.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`EKS.Client.exceptions.InvalidRequestException`

  