Question
How does the EKS `aws-auth` ConfigMap affect user authorization, and how can I check or update it to resolve "unauthorized" access?
Asked by: USER1922
Answer (131)
The `aws-auth` ConfigMap in the `kube-system` namespace is fundamental for EKS authorization. It maps AWS IAM users and roles to Kubernetes RBAC users and groups. If your IAM entity is not correctly listed in this ConfigMap (under `mapUsers` or `mapRoles`), you will receive an "unauthorized" error. You can check its content with `kubectl get cm aws-auth -n kube-system -o yaml`. To update it, use `kubectl edit cm aws-auth -n kube-system` (ensure you have `system:masters` access initially to perform this, typically from the account that created the cluster or another authorized entity).
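The check described in the answer can be scripted. The following is an added example, not part of the original answer: it tests whether a given IAM ARN appears under `mapRoles` or `mapUsers`. It first converts an STS assumed-role session ARN (the form `aws sts get-caller-identity` reports for a role session) into the IAM role ARN that `aws-auth` lists, and drops any role path. The function names, account ID `111122223333`, and the sample ConfigMap are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Real use (requires cluster access):
#   kubectl get cm aws-auth -n kube-system -o yaml \
#     | is_mapped "$(aws sts get-caller-identity --query Arn --output text)"

# Reduce an ARN to the form aws-auth lists: an STS assumed-role session ARN
# becomes the underlying IAM role ARN, and any IAM role path is dropped.
normalize_arn() {
  printf '%s\n' "$1" | sed -E \
    -e 's#^(arn:aws[a-z-]*):sts::([0-9]+):assumed-role/([^/]+)/.*$#\1:iam::\2:role/\3#' \
    -e 's#^(arn:aws[a-z-]*:iam::[0-9]+:role/)(.*/)?([^/]+)$#\1\3#'
}

# Print every rolearn/userarn value found in ConfigMap YAML read from stdin.
list_mapped_arns() {
  awk '{ for (i = 1; i < NF; i++)
           if ($i == "rolearn:" || $i == "userarn:") {
             v = $(i + 1); gsub(/["\047]/, "", v); print v } }'
}

# is_mapped ARN < configmap.yaml  -> exit 0 if the identity is mapped.
is_mapped() {
  want=$(normalize_arn "$1")
  list_mapped_arns | grep -Fxq -- "$want"
}

# Constructed sample of `kubectl get cm aws-auth -n kube-system -o yaml` output.
sample_aws_auth() {
cat <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/eks-admin
      username: eks-admin
      groups:
        - system:masters
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/alice
      username: alice
EOF
}

for arn in arn:aws:sts::111122223333:assumed-role/eks-admin/alice-session \
           arn:aws:iam::111122223333:user/bob; do
  if sample_aws_auth | is_mapped "$arn"; then echo "mapped: $arn"; else echo "NOT mapped: $arn"; fi
done
```

An identity reported as not mapped here is one that would receive the "unauthorized" error, unless it is the entity that created the cluster.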