This repository has been archived by the owner on Sep 4, 2021. It is now read-only.
Error: failed to compress TLS assets: AccessDeniedException on "kube-aws validate" #704
Comments
|
Well, I have defineed several aws cli accounts configured and seems that despite I choose the correct one with export AWS_DEFAULT_PROFILE=my_account kube-aws is choosing the default one. |
|
@gonzalomarcote I believe not kube-aws but aws-sdk-go has responsibility to handle those env vars. AFAIK, none of all the aws-sdk's for various languages support AWS_DEFAULT_PROFILE. You should set AWS_PROFILE instead for sdks. Also, aws-sdk-go doesn't seem to support AWS_DEFAULT_PROFILE in near future aws/aws-sdk-go#384 (comment) |
|
Understood. Thank you for the clarification. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I have configured in AWS full access to my users for KMS in one policy like this:
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt"
],
"Resource": [
->>> here the arn for KMS account- > "arn:aws:kms:my_acount"
]
}
}
And in the KMS Encryption key one policy like:
{
"Version": "2012-10-17",
"Id": "key-default-1",
"Statement": [
{
"Sid": "Enable IAM User Permissions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::my_account:user/my_user"
},
"Action": "kms:",
"Resource": ""
}
]
}
and despite of that "kube-aws validate" is failing always with the following error:
Validating UserData...
Error: failed to compress TLS assets: AccessDeniedException:
status code: 400, request id: dfe6fdee-895d-11e6-a8a7-01f2e20042c1
Is there needed more permissions for the "validate" and "up" in AWS?
The text was updated successfully, but these errors were encountered: