To regain access to an Amazon EKS cluster created with the AWS root account when locked out from a regular IAM user, it is important to utilize EKS access entries to grant permissions without needing initial Kubernetes API access. Since the root account, which possesses system:masters permissions, cannot be accessed via the AWS CLI and no other IAM entities are mapped in the aws-auth ConfigMap, you can create an access entry for your IAM user using the AWS CLI. By executing the command aws eks create-access-entry with the IAM user’s ARN and assigning it to the system:masters group, you enable the user to authenticate with the cluster. After updating the kubeconfig with aws eks update-kubeconfig, the IAM user will be able to use kubectl to manage the cluster, including updating the aws-auth ConfigMap to add additional users or roles, which will help ensure future access and prevent any potential lockouts.