I'm trying to create an EKS cluster but I keep getting the following error. I think it's an issue of permissions, roles, etc but I have minimum experience with AWS stuff.
I found this thread but I have no idea how to implement all these things.
Any help is appreciated, thanks in advance.
$ eksctl create cluster
[ℹ] eksctl version 0.13.0
[ℹ] using region us-west-2
Error: getting availability zones: getting availability zones for us-west-2: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 724b0c02-fb51-43b2-98ab-746a3d2e45a0
Amazon Elastic Kubernetes Service (EKS) has reduced control plane creation time by 40%, enabling you to create a new EKS cluster control plane in 9 minutes or less, on average.
You may see a console error message that says Your current user or role does not have access to Kubernetes objects on this EKS cluster . Make sure that the IAM user that you're signed into the AWS Management Console with (or role that you switched to after signing in) has the necessary permissions.
The subnets must each have at least six IP addresses for use by Amazon EKS. However, we recommend at least 16 IP addresses. The subnets can't reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone.
I am also a newbie to EKS. The problem of this matter is you have not permissions to do something. First, we should know what permissions we need, however, as a newbie we don't wanna know so much. So as Kushagra Saxena said, we set our IAM account as Admin for learning.
Select Users
Add permissions
Select AdministratorAccess
and then Next Next Next!
If you wanna use custom policy, like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
You should create your own policy.You can do as following:
Select "Policies" and "Create Policy"
Replace by your Json and Next Next.
3.Select your user and add permissions as "Use Existing Policy" do。
The error says UnauthorizedOperation
which means you don't have sufficient permission to create the cluster.
Please make sure you have configured your awscli correctly and you have sufficient permissions.
Required permissions are documented at https://github.com/weaveworks/eksctl/blob/master/userdocs/src/usage/minimum-iam-policies.md
Be sure to use the 12-digit Account Id from Account Settings when replacing the placeholders.
This is how you change the permissions of an aws user https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With