Granting remote access to Kubernetes clusters on Azure Kubernetes Service

You can remotely access Azure Kubernetes Service (AKS) clusters for troubleshooting, log collection, and maintenance purposes using SSH. To do that, you must add the Azure Active Directory (AD) object ID in the CDW environment Kubeconfig.

Required Role: DWAdmin

  • You must have an active CDW environment to grant your users remote access to the Kubernetes cluster.
  • Contact your Azure account administrator to obtain the Azure AD object ID

Obtaining the Azure AD object ID using Azure CLI

You can obtain the object ID by running the following command:
az ad group list --filter "displayname eq '[***GROUP-NAME***]'" -o table

This lists the existing groups within the directory whose display name matches the filter.
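Azure AD display names are not unique, so the filter can return more than one group, and granting cluster access to the wrong one is easy to miss. The following added example (not part of the original documentation) wraps the command above and returns an object ID only when exactly one group matches and the value is a well-formed GUID. The function names are hypothetical, and the `--query "[].id"` projection assumes a current Azure CLI in which the field is named `id` (older releases call it `objectId`).

```shell
#!/bin/sh
# Added example: resolve a group display name to exactly one object ID
# before entering it in the "Enter group ID" text box.

# Reads candidate IDs (one per line) on stdin. Prints the ID only if there is
# exactly one and it is a well-formed GUID.
# Return codes: 1 = no match, 2 = ambiguous, 3 = not a GUID.
pick_single_object_id() {
  local ids count guid_re
  guid_re='^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$'
  # Drop blank lines; "|| true" keeps an empty result from tripping "set -e".
  ids=$(grep -v '^[[:space:]]*$' || true)
  if [ -z "$ids" ]; then
    echo "no group matched" >&2
    return 1
  fi
  count=$(printf '%s\n' "$ids" | wc -l | tr -d ' ')
  if [ "$count" -ne 1 ]; then
    echo "ambiguous: $count groups share this display name" >&2
    return 2
  fi
  if ! printf '%s\n' "$ids" | grep -Eq "$guid_re"; then
    echo "not a GUID: $ids" >&2
    return 3
  fi
  printf '%s\n' "$ids"
}

# Hypothetical wrapper; requires a logged-in Azure CLI.
resolve_group_id() {
  # A single quote in the name would break out of the OData filter string.
  case "$1" in
    *"'"*) echo "group name must not contain a single quote" >&2; return 4 ;;
  esac
  az ad group list --filter "displayname eq '$1'" --query "[].id" -o tsv \
    | pick_single_object_id
}

# When called with one argument, treat it as the group display name.
if [ "$#" -eq 1 ]; then
  resolve_group_id "$1"
fi
```

A return code of 2 means several groups share the display name; pick the intended one by its object ID in the portal instead of by name.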

Obtaining the Azure AD object ID from the Azure portal

  1. Sign in to the Azure portal using a Global administrator account for the directory.
  2. Search for and select Azure Active Directory.
  3. On the Active Directory page, select Groups and click Overview.
  4. Note the Object ID from the Group Overview page.


  1. In the Data Warehouse service, expand the Environments column by clicking the More… menu on the left side of the page.
  2. In the Environments column, click the search icon and locate the environment for which you want to grant access to AKS.
  3. Click the options menu and select Show Kubeconfig.
  4. Enter the Azure AD object ID in the Enter group ID text box.
  5. Click GRANT ACCESS to save your changes.
Access the Virtual Machines remotely using Azure CLI. When you enter a kubectl command, such as kubectl get pods, in Azure CLI, you will see the following message:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code ****** to authenticate.
  1. Open a web browser and go to https://microsoft.com/devicelogin.
  2. Enter the code on the Enter code page and click Next.
  3. On the Pick an account page, select the account for signing into the AKS AAD Client.


    Upon successful login, you get the following message: