Describe the feature

The AccessEntry construct currently takes string for the principal prop. This is counterintuitive when compared with the rest of CDK where similar props take an IPrincipal/IGrantable. You should be able to pass a Role or User directly to AccessEntry without calling .arn yourself.

Use Case

I want intent based syntax, especially when using it in the context of cluster.grantAccess(), where in most other places you would just pass the IPrincipal/IGrantable.

Proposed Solution

I'd love it if this was implemented overriding the old prop as it's named best for it, but I get not wanting to break backwards compatibility. I'd suggest doing that for the eks-v2-alpha where you are explicitly breaking backwards compatibility. For the current stable version, perhaps you could add a new prop called grantee that takes an IGrantable.

Other Information

I'm open to discussion on whether IGrantable or IPrincipal makes more sense.

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.187.0

Environment details (OS name and version, etc.)

n/a