I am trying to run this command at the command line:
    aws eks create-cluster \
      --name ignitecluster \
      --role-arn "$role_arn" \
      --resources-vpc-config \
      subnetIds="$subnet_id",securityGroupIds="$security_group"
I get:
An error occurred (AccessDeniedException) when calling the CreateCluster operation: User: arn:aws:iam::9136xxxx20371:user/ec2_resources is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-west-2:9136xxxx371:cluster/ignitecluster
I cannot for the life of me figure out how to give this role permissions on eks:*, does anyone know?
To do this you will need to be a user or role that is allowed to edit IAM roles in the account.
In the AWS console, open the IAM service, click Users, select the user. On the Permissions tab click the Add Inline Policy link.
The following policy adds all permissions to the user.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "eksadministrator",
                "Effect": "Allow",
                "Action": "eks:*",
                "Resource": "*"
            }
        ]
    }
The 'eksadministrator' value for Sid can be changed to something more appropriate for you.
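Added example, not part of the original answer: a narrower inline policy that grants only what the failing call needs, namely eks:CreateCluster on the one cluster ARN from the error message plus iam:PassRole on the role given to --role-arn, restricted to the EKS service. The account ID 111122223333, the role name eks-cluster-role and the policy name are constructed placeholders; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: scoped alternative to "eks:*" on "*".
# Account ID, role name and policy name used below are constructed placeholders.

# Print an inline policy that allows creating and describing ONE named cluster
# and passing ONE role, and only to the EKS service.
# Args: account_id region cluster_name cluster_role_arn
eks_scoped_policy() (
  account_id="$1"; region="$2"; cluster="$3"; role_arn="$4"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreateNamedCluster",
      "Effect": "Allow",
      "Action": ["eks:CreateCluster", "eks:DescribeCluster"],
      "Resource": "arn:aws:eks:${region}:${account_id}:cluster/${cluster}"
    },
    {
      "Sid": "PassClusterRoleToEks",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "${role_arn}",
      "Condition": {
        "StringEquals": { "iam:PassedToService": "eks.amazonaws.com" }
      }
    }
  ]
}
EOF
)

# Attach a policy file inline to a user. The caller must itself be allowed
# to call iam:PutUserPolicy. Args: user_name policy_name policy_file
attach_inline_policy() {
  aws iam put-user-policy \
    --user-name "$1" \
    --policy-name "$2" \
    --policy-document "file://$3"
}

# Usage (not executed here):
#   eks_scoped_policy 111122223333 us-west-2 ignitecluster \
#     arn:aws:iam::111122223333:role/eks-cluster-role > policy.json
#   attach_inline_policy ec2_resources eks-create-ignitecluster policy.json
```

Without the iam:PassRole statement, create-cluster is still denied even when eks:CreateCluster is allowed, because the caller hands the cluster role to EKS.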