[aws] Error creating IAM Roles with 0.10.0 release

[javilinux]

Version

$ openshift-install version
openshift-install v0.10.0

Platform (aws|libvirt|openstack):

aws

What happened?

After upgrading the installer to v0.10.0 and with no other change on aws configuration, I get the following error messages:

ERROR
ERROR Error: Error applying plan:
ERROR
ERROR 3 errors occurred:
ERROR * module.masters.aws_iam_role.master_role: 1 error occurred:
ERROR * aws_iam_role.master_role: Error creating IAM Role jramirez-master-role: AccessDenied: User: arn:aws:iam::694280550618:user/jaramire is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jramirez-master-role
ERROR status code: 403, request id: c3883fe6-1913-11e9-9fa8-61508860f4b1
ERROR
ERROR
ERROR * module.iam.aws_iam_role.worker_role: 1 error occurred:
ERROR * aws_iam_role.worker_role: Error creating IAM Role jramirez-worker-role: AccessDenied: User: arn:aws:iam::694280550618:user/jaramire is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jramirez-worker-role
ERROR status code: 403, request id: c38ecfbb-1913-11e9-9fa8-61508860f4b1
ERROR
ERROR
ERROR * module.bootstrap.aws_iam_role.bootstrap: 1 error occurred:
ERROR * aws_iam_role.bootstrap: Error creating IAM Role jramirez-bootstrap-role: AccessDenied: User: arn:aws:iam::694280550618:user/jaramire is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jramirez-bootstrap-role
ERROR status code: 403, request id: c388b46d-1913-11e9-b8fb-8f389864073a

What you expected to happen?

Install to finish properly or to have documented the necessary changes for aws permissions.

How to reproduce it (as minimally and precisely as possible)?

$ openshift-install create cluster

[soukron]

+1

Using 0.9.1 I can install a cluster but using 0.10.0 I cant.

[jatanmalde]

Hello all,

I am seeing the similar error, This is a fresh install with a clean directory for a single master and 3 worker node cluster configuration,

[root@localhost file2]# openshift-install create cluster
INFO Consuming "Install Config" from target directory 
INFO Creating cluster...                          
ERROR                                              
ERROR Error: Error applying plan:                  
ERROR                                              
ERROR 3 errors occurred:                           
ERROR 	* module.iam.aws_iam_role.worker_role: 1 error occurred: 
ERROR 	* aws_iam_role.worker_role: Error creating IAM Role jackrack-worker-role: AccessDenied: User: arn:aws:iam::694280550618:user/jmalde is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jackrack-worker-role 
ERROR 	status code: 403, request id: 0a915249-1973-11e9-84fa-edccb54ae93c 
ERROR                                              
ERROR                                              
ERROR 	* module.bootstrap.aws_iam_role.bootstrap: 1 error occurred: 
ERROR 	* aws_iam_role.bootstrap: Error creating IAM Role jackrack-bootstrap-role: AccessDenied: User: arn:aws:iam::694280550618:user/jmalde is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jackrack-bootstrap-role 
ERROR 	status code: 403, request id: 0a9263be-1973-11e9-84fa-edccb54ae93c 
ERROR                                              
ERROR                                              
ERROR 	* module.masters.aws_iam_role.master_role: 1 error occurred: 
ERROR 	* aws_iam_role.master_role: Error creating IAM Role jackrack-master-role: AccessDenied: User: arn:aws:iam::694280550618:user/jmalde is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jackrack-master-role 
ERROR 	status code: 403, request id: 0a92d8f1-1973-11e9-84fa-edccb54ae93c 
ERROR                                              
ERROR                                              
ERROR                                              
ERROR                                              
ERROR                                              
ERROR Terraform does not automatically rollback in the face of errors. 
ERROR Instead, your Terraform state file has been partially updated with 
ERROR any resources that successfully completed. Please address the error 
ERROR above and apply again to incrementally change your infrastructure. 
ERROR                                              
ERROR                                              
FATAL failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed to apply using Terraform 
[root@localhost file2]# 

The .openshift-install.log file has the same above message on it.

I ran and destroyed clusters before with the same aws credentials I used, not sure why is it not working now.

Thanks.

[wking]

ERROR * aws_iam_role.master_role: Error creating IAM Role jramirez-master-role: AccessDenied: User: arn:aws:iam::694280550618:user/jaramire is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jramirez-master-role

These are "ask your AWS-account admin to give you more permissions". You can point them here.

[wking]

Reviewing our open issues, I turned up the elderly #111, of which this particular permission is a special case. I'm closing this issue in favor of that one.

/close

[openshift-ci-robot]

@wking: Closing this issue.

In response to this:

Reviewing our open issues, I turned up the elderly #111, of which this particular permission is a special case. I'm closing this issue in favor of that one.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.