I am trying to run this command at the command line:
aws eks create-cluster \
--name ignitecluster \
--role-arn "$role_arn" \
--resources-vpc-config subnetIds="$subnet_id",securityGroupIds="$security_group"
I get:
An error occurred (AccessDeniedException) when calling the CreateCluster operation: User: arn:aws:iam::9136xxxx20371:user/ec2_resources is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-west-2:9136xxxx371:cluster/ignitecluster
I cannot for the life of me figure out how to give this role permissions on eks:*, does anyone know?
To do this you will need to be a user or role that is allowed to edit IAM roles in the account.
In the AWS console, open the IAM service, click Users, select the user. On the Permissions tab click the Add Inline Policy link.
The following policy adds all permissions to the user.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "eksadministrator",
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": "*"
        }
    ]
}
The 'eksadministrator' value for Sid can be changed to something more appropriate for you.
Firstly, you can check your policies in IAM->access management->policies. You can create a new policy or attach your account to one of the existing policies. Search "EKS" and add "CreateCluster" in the list, then create a new policy, problem solved.
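A scoped-down alternative to the eks:* on * policy in the answers above, written for the AWS CLI. This is an added example, not part of any of the original posts. It allows eks:CreateCluster only on the cluster ARN named in the error message, plus iam:PassRole for the cluster role. The account ID 111122223333 and the role name eks-cluster-role are constructed placeholders, and it assumes the EKS service-linked role already exists in the account.

```shell
#!/bin/sh
# Added example: scoped alternative to "eks:*" on "*".
# ACCOUNT_ID and ROLE_ARN are constructed placeholders; substitute your own.
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
REGION="${REGION:-us-west-2}"
CLUSTER="${CLUSTER:-ignitecluster}"
IAM_USER="${IAM_USER:-ec2_resources}"
ROLE_ARN="${ROLE_ARN:-arn:aws:iam::${ACCOUNT_ID}:role/eks-cluster-role}"

cluster_arn() {
  printf 'arn:aws:eks:%s:%s:cluster/%s' "$REGION" "$ACCOUNT_ID" "$CLUSTER"
}

# Emit a policy that allows creating and describing only this cluster, and
# passing only the cluster role, and only to the EKS service.
build_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreateOneCluster",
      "Effect": "Allow",
      "Action": ["eks:CreateCluster", "eks:DescribeCluster"],
      "Resource": "$(cluster_arn)"
    },
    {
      "Sid": "PassClusterRoleToEks",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "${ROLE_ARN}",
      "Condition": {"StringEquals": {"iam:PassedToService": "eks.amazonaws.com"}}
    }
  ]
}
EOF
}

# Attach the policy inline, then ask IAM to evaluate the action that failed.
apply_policy() {
  aws iam put-user-policy --user-name "$IAM_USER" \
    --policy-name "eks-create-$CLUSTER" --policy-document "$(build_policy)"
  aws iam simulate-principal-policy \
    --policy-source-arn "arn:aws:iam::${ACCOUNT_ID}:user/${IAM_USER}" \
    --action-names eks:CreateCluster --resource-arns "$(cluster_arn)" \
    --query 'EvaluationResults[].EvalDecision' --output text
}

# Prints the policy by default; set APPLY=1 to call AWS as an IAM-admin identity.
if [ "${APPLY:-0}" = 1 ]; then apply_policy; else build_policy; fi
```

With APPLY=1 the last command prints the simulated decision for eks:CreateCluster, which should read "allowed" once the policy is attached.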