Error: getting availability zones when trying to create EKS cluster

I'm trying to create an EKS cluster but I keep getting the following error. I think it's an issue of permissions, roles, etc., but I have minimal experience with AWS stuff.

I found this thread but I have no idea how to implement all these things.

Any help is appreciated, thanks in advance.

$ eksctl create cluster
[ℹ]  eksctl version 0.13.0
[ℹ]  using region us-west-2
Error: getting availability zones: getting availability zones for us-west-2: UnauthorizedOperation: You are not authorized to perform this operation.
    status code: 403, request id: 724b0c02-fb51-43b2-98ab-746a3d2e45a0
Raskolnikov asked Feb 27 '20 16:02


2 Answers

I am also a newbie to EKS. The problem here is that you do not have permission to do something. First, we should know what permissions we need; however, as newbies we don't want to know so much. So, as Kushagra Saxena said, we set our IAM account as Admin for learning.

Use Existing Policy

  1. Select Users

  2. Add permissions

  3. Select AdministratorAccess and then Next Next Next!

Or Use Custom Policy

If you want to use a custom policy, like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

You should create your own policy. You can do it as follows:

  1. Select "Policies" and "Create Policy"

  2. Replace the content with your JSON and then Next Next.

  3. Select your user and add permissions as in "Use Existing Policy".

kyakya answered Oct 15 '22 22:10


The error says UnauthorizedOperation which means you don't have sufficient permission to create the cluster.

Please make sure you have configured your awscli correctly and you have sufficient permissions.

Required permissions are documented at https://github.com/weaveworks/eksctl/blob/master/userdocs/src/usage/minimum-iam-policies.md

Be sure to use the 12-digit Account Id from Account Settings when replacing the placeholders.

This is how you change the permissions of an AWS user: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html

Tummala Dhanvi answered Oct 15 '22 22:10
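The two answers differ in how much access they grant. As an added example (not code from either answer or from eksctl), this Python sketch checks whether an IAM policy document would allow the call that failed in the question and flags statements that grant everything. Assumptions: `ec2:DescribeAvailabilityZones` is the EC2 action behind the "getting availability zones" error, only `Effect` and `Action` are evaluated, and the two scoped policies are constructed samples.

```python
import fnmatch

# EC2 action behind the "getting availability zones" 403 in the question.
FAILING_ACTION = "ec2:DescribeAvailabilityZones"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive; * and ? are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(patterns))

def decision(policy, action):
    """Return 'deny', 'allow' or 'implicit-deny' for one identity policy.
    Simplified: Resource, Condition and NotAction are not evaluated."""
    result = "implicit-deny"
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt or not _matches(stmt["Action"], action):
            continue
        if stmt.get("Effect") == "Deny":
            return "deny"  # an explicit Deny overrides any Allow
        if stmt.get("Effect") == "Allow":
            result = "allow"
    return result

def overbroad(policy):
    """Allow statements granting every action on every resource."""
    return [s for s in _as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"
            and "*" in _as_list(s.get("Action", []))
            and "*" in _as_list(s.get("Resource", []))]

# The custom policy from the first answer.
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
# Constructed samples, not eksctl's documented minimum policies.
EC2_DESCRIBE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]}
S3_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("admin", ADMIN), ("ec2-describe", EC2_DESCRIBE),
                      ("s3-only", S3_ONLY)):
        scope = "over-broad" if overbroad(pol) else "scoped"
        print(f"{name}: {decision(pol, FAILING_ACTION)} ({scope})")
```

Both the admin policy and the constructed `ec2:Describe*` policy clear the failing call, but only the admin policy is flagged as over-broad.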