[Feature] Access entry type should allow "EC2" value #8098

@artem-nefedov

What feature/behavior/change do you want?

When defining access entries, the "EC2" type should be allowed to integrate with Auto Mode.
Note: this is different from "EC2_LINUX".

Example manifest:

accessConfig:
  authenticationMode: API_AND_CONFIG_MAP
  accessEntries:
  - principalARN: arn:aws:iam::100000000001:role/auto-mode-node-role
    type: EC2
    accessPolicies:
    - accessScope:
        type: cluster
      policyARN: arn:aws:eks::aws:cluster-access-policy/AmazonEKSAutoNodePolicy

Currently (0.199.0), this throws an error:

Error: invalid access entry type "EC2" for accessEntries[0]

Why do you want this feature?

If you want to create an access entry to authorize the node role for Auto Mode, you must specify the "EC2" type. This is useful when you want to use your own non-default NodeClass and NodePools. This entry is normally created automatically, but if you disable built-in node pools (set them as an empty array), eksctl will throw an error if you specify nodeRoleARN, so you have to use accessConfig, which also currently doesn't work.

Note that it is possible to do this with the AWS CLI, e.g. this will work:

aws eks create-access-entry --type EC2 --cluster-name foo --principal-arn arn:aws:iam::100000000001:role/auto-mode-node-role
aws eks associate-access-policy --access-scope type=cluster --policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSAutoNodePolicy --cluster-name foo --principal-arn arn:aws:iam::100000000001:role/auto-mode-node-role

Alternative solution

Allow specifying autoModeConfig.nodeRoleARN even with nodePools: [], and create the correct association based on the specified role.
