amazon-web-serviceskubernetesamazon-ekseksctl
How to resolve error while creating the cluster using eksctl in AWS
I am trying to create a cluster in AWS us-east-1 region for a user account of my root account.But while trying to create the same i am getting the following issues
[ℹ] eksctl version 0.22.0
[ℹ] using region us-east-1
[ℹ] subnets for us-east-1a - public:192.168.0.0/19 private:192.168.64.0/19
[ℹ] subnets for us-east-1b - public:192.168.32.0/19 private:192.168.96.0/19
[ℹ] using Kubernetes version 1.16
[ℹ] creating EKS cluster "in28minutes-cluster" in "us-east-1" region with managed nodes
[ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
[ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-1 --cluster=in28minutes-cluster'
[ℹ] CloudWatch logging will not be enabled for cluster "in28minutes-cluster" in "us-east-1"
[ℹ] you can enable it with 'eksctl utils update-cluster-logging --region=us-east-1 --cluster=in28minutes-cluster'
[ℹ] Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "in28minutes-cluster" in "us-east-1"
[ℹ] 2 sequential tasks: { create cluster control plane "in28minutes-cluster", 2 sequential sub-tasks: { no tasks, create managed nodegroup "in28minutes-cluster-node-group" } }
[ℹ] building cluster stack "eksctl-in28minutes-cluster-cluster"
[ℹ] deploying stack "eksctl-in28minutes-cluster-cluster"
[✖] unexpected status "ROLLBACK_IN_PROGRESS" while waiting for CloudFormation stack "eksctl-in28minutes-cluster-cluster"
[ℹ] fetching stack events in attempt to troubleshoot the root cause of the failure
[✖] AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST1B: CREATE_FAILED – "Resource creation cancelled"
[✖] AWS::EC2::Route/PublicSubnetRoute: CREATE_FAILED – "Resource creation cancelled"
[✖] AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST1A: CREATE_FAILED – "Resource creation cancelled"
[✖] AWS::EC2::NatGateway/NATGateway: CREATE_FAILED – "Resource creation cancelled"
[✖] AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST1A: CREATE_FAILED – "Resource creation cancelled"
[✖] AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST1B: CREATE_FAILED – "Resource creation cancelled"
[✖] AWS::EKS::Cluster/ControlPlane: CREATE_FAILED – "User: arn:aws:iam::750121092648:user/HR is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-east-1:750121092648:cluster/in28minutes-cluster (Service: AmazonEKS; Status Code: 403; Error Code: AccessDeniedException; Request ID: 290ba47a-6423-4ce7-bd25-c429e1f69ea8)"
[!] 1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
[ℹ] to cleanup resources, run 'eksctl delete cluster --region=us-east-1 --name=in28minutes-cluster'
[✖] waiting for CloudFormation stack "eksctl-in28minutes-cluster-cluster": ResourceNotReady: failed waiting for successful resource state
Error: failed to create cluster "in28minutes-cluster"
This is the command i am using to create the cluster
create cluster --name in28minutes-cluster --nodegroup-name in28minutes-cluster-node-group --node-type t2.medium --nodes 3 --nodes-min 3 --nodes-max 7 --managed --asg-access --zones=us-east-1a,us-east-1b
I also have clouformation role for my user account
Please help me to resolve this issue , I am new to aws kubernetes
Solution
This line from your logs
[✖] AWS::EKS::Cluster/ControlPlane: CREATE_FAILED – "User: arn:aws:iam::750121092648:user/HR is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-east-1:750121092648:cluster/in28minutes-cluster (Service: AmazonEKS; Status Code: 403; Error Code: AccessDeniedException; Request ID: 290ba47a-6423-4ce7-bd25-c429e1f69ea8)"
seems to suggest that the user HR doesn't have all the necessary EKS permissions. Try (temporarily) attaching the HR user the AWS-managed AdministratorAccess policy. Then, if this resolves the issue, narrow it down to only EKS-related permissions.
- Unable to delete cfn stack, role is invalid or cannot be assumed
- How to Set Up Account Linking for a Skill using Alexa API from Amazon?
- GitHub actions "aws: not found" error on ubuntu-latest with Godot CI
- Download file from S3 to Rails 4 app
- Cloudfront (CDN) with Internal Application Load Balancer
- Connecting private load balancer to cloud front distribution?
- Request to Amazon API with delphi : Got HTTP/1.1 403 Forbidden
- Shift Lambda infrastructure to ECS
- IAM policy to allow EC2 instance API access only to modify itself
- How to match these 2 tables?
- What is the best way of getting files from AWS S3, inserting them into zip and uploading that zip to the bucket?
- What does this mean? An error occurred (SignatureDoesNotMatch) when calling the GetCallerIdentity operation: Signature expired
- How to query: filtering on multiple primary partition keys and range on primary sort key
- How can I get boto3 script to run as a Lambda function?
- Testing AWS CDK Applications Locally
- Downloading an entire S3 bucket?
- AWS ElastiCache SNS notifications Inactive
- How to set credentials in AWS SDK v3 JavaScript?
- Redis HINCRBY hash field -1 counter for decrementing only till 0 or non negative value
- Error creating mediaconvert job for HLS output with mp4, mp3 and SRT as input
- Firehose Stream Delivers to S3 in Uncompressed Format Despite Compression Enabled
- AWS S3 Bucket Policy - Only Allow Certain File Types In Folder
- couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server
- AWS DotNet SDK Error: Unable to get IAM security credentials from EC2 Instance Metadata Service
- AWS passive failover pricing
- Is there any API available for AWS Pricing Calculator
- Append data to an S3 object
- How to handle UnprocessedItems using AWS JavaScript SDK (dynamoDB)?
- AWS SAM-defined ECS Fargate scheduled task won't start
- How to configure AWS Application Load Balancer to point to multiple ports on the same server