
Your current user or role does not have access to Kubernetes objects on this EKS cluster

Don't know if this is an error from AWS or something. I created an IAM user and gave it full admin policies. I then used this user to create an EKS cluster using the eksctl CLI, but when I logged in to the AWS console with the root user I got the below error while trying to access the cluster nodes.

Your current user or role does not have access to Kubernetes objects on this EKS cluster
This may be due to the current user or role not having Kubernetes RBAC permissions to describe cluster resources or not having an entry in the cluster’s auth config map.

I have these questions

  1. Does not the root user have full access to view every resource from the console?
  2. If the above is true, does it mean when I create a resource from the CLI I must login with the same user to view it?
  3. Or is there a way I could attach policies to the root user? Didn't see anything like that in the console.

AWS itself does not recommend creating access keys for root user and using it for programmable access, so I'm so confused right now. Someone help

All questions I have seen so far and the link to the doc here are talking about a user or role created in the AWS IAM and not the root user.

benyusouf asked Aug 31 '25 05:08



1 Answer

If you're logged in with the root user and get this error, run the below command to edit the aws-auth configMap:

kubectl edit configmap aws-auth -n kube-system

Then go down to mapUsers and add the following (replace [account_id] with your Account ID):

mapUsers: |
  - userarn: arn:aws:iam::[account_id]:root
    groups:
    - system:masters
Enve answered Sep 02 '25 20:09

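One way to review the result of that edit, as an added example that is not part of the original answer: the script lists every mapUsers entry that grants system:masters (the group Kubernetes binds to cluster-admin by default) and marks the account root ARN. The sample input, the account ID 111122223333, the ci-readonly user and the function names are constructed for illustration, and the parser handles only the block layout shown in the answer.

```python
import re

# Constructed sample of the data.mapUsers value after the edit above.
# 111122223333 and the ci-readonly user are placeholders, not from the page.
SAMPLE_MAP_USERS = """\
- userarn: arn:aws:iam::111122223333:root
  groups:
  - system:masters
- userarn: arn:aws:iam::111122223333:user/ci-readonly
  username: ci-readonly
  groups:
  - view-only
"""

ENTRY = re.compile(r"^\s*-\s+(\w+):(?:\s+(.*))?$")  # "- userarn: <arn>"
KEY = re.compile(r"^\s+(\w+):(?:\s+(.*))?$")        # "  username: x" / "  groups:"
ITEM = re.compile(r"^\s*-\s+(\S+)$")                # "  - system:masters"
ROOT_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:root$")

def parse_mappings(text):
    """Narrow parser for the block-style list used in mapUsers/mapRoles.
    No flow syntax, anchors or multi-line scalars; use a YAML library for those."""
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        start, key, item = ENTRY.match(line), KEY.match(line), ITEM.match(line)
        if start:  # a "- key: value" line opens a new mapping
            entries.append({"groups": []})
            key = start
        if key and entries:
            name, value = key.group(1), (key.group(2) or "").strip("\"'")
            if name != "groups":
                entries[-1][name] = value
        elif item and entries:  # bare list item: a group name
            entries[-1]["groups"].append(item.group(1).strip("\"'"))
    return entries

def audit(entries):
    """Return (arn, kind) for every mapping that grants system:masters."""
    findings = []
    for e in entries:
        arn = e.get("userarn") or e.get("rolearn") or ""
        if "system:masters" in e["groups"]:
            findings.append((arn, "account-root" if ROOT_ARN.match(arn) else "principal"))
    return findings

if __name__ == "__main__":
    for arn, kind in audit(parse_mappings(SAMPLE_MAP_USERS)):
        print(f"system:masters granted to {kind}: {arn}")
```

To check a live cluster, pass the output of `kubectl get configmap aws-auth -n kube-system -o jsonpath='{.data.mapUsers}'` to `parse_mappings` instead of the sample.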