
AccessDeniedException when calling the EKS Service with Administrator permission


I'm trying to install the EBS-CSI-Driver add-on for EKS on AWS, but I get an error with Denied status, although my account has the AdministratorAccess role. Why does this happen?

Via CLI:

An error occurred (AccessDeniedException) when calling the CreateAddon operation: User: arn:aws:iam::my-user-id:user/my-user is not authorized to perform: iam:PassRole on resource: arn:aws:iam::my-user-id:role/EKS_NodeGroup_Role with an explicit deny"

Via Console:

AccessDenied namespaces "kube-system" is forbidden: User "eks:addon-manager" cannot patch resource "namespaces" in API group "" in the namespace "kube-system""

I added AmazonEBSCSIDriverPolicy to EKS_NodeGroup_Role but still have the same error.


Solution

  • Got the same issue. Not sure why.

    However, the issue could be solved by adding “patch” to the clusterrole “eks:addonmanager”.
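
The console error is a Kubernetes RBAC denial, and the fix in the answer grants one more verb. The Python sketch below is an added example, not code from the original post or from EKS. It evaluates the denied request (patch on namespaces, API group "", object kube-system) against a ClusterRole whose rules are constructed for illustration, before and after "patch" is added.

```python
import copy

# Constructed ClusterRole rules for illustration; NOT the real rules EKS ships.
CONSTRUCTED_ROLE = {
    "kind": "ClusterRole",
    "rules": [
        {"apiGroups": [""], "resources": ["namespaces"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["apps"], "resources": ["daemonsets", "deployments"],
         "verbs": ["*"]},
    ],
}

# The request from the console error message on this page.
DENIED = {"verb": "patch", "api_group": "", "resource": "namespaces",
          "name": "kube-system"}

def _matches(allowed, wanted):
    """A rule field matches if it lists the value or the '*' wildcard."""
    return "*" in allowed or wanted in allowed

def rule_allows(rule, verb, api_group, resource, name=None):
    """Evaluate one RBAC PolicyRule against a request."""
    if not (_matches(rule.get("verbs", []), verb)
            and _matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource)):
        return False
    # resourceNames, when present, restricts the rule to those object names.
    names = rule.get("resourceNames", [])
    return not names or name in names

def role_allows(role, verb, api_group, resource, name=None):
    """RBAC is additive: access is granted if any single rule matches."""
    return any(rule_allows(r, verb, api_group, resource, name)
               for r in role.get("rules", []))

def add_verb(role, api_group, resource, verb):
    """Return a copy of the role with `verb` added to rules for the resource."""
    patched = copy.deepcopy(role)
    for rule in patched["rules"]:
        if (api_group in rule.get("apiGroups", [])
                and resource in rule.get("resources", [])
                and not _matches(rule["verbs"], verb)):
            rule["verbs"].append(verb)
    return patched

if __name__ == "__main__":
    print("before:", role_allows(CONSTRUCTED_ROLE, **DENIED))
    print("after: ", role_allows(add_verb(CONSTRUCTED_ROLE, "", "namespaces", "patch"), **DENIED))
```

The CLI error is a separate IAM decision (an explicit deny on iam:PassRole), which this RBAC check does not cover.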