You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you try to just use the provided permissions from the .md mentioned above and enable addons on your cluster you will get an error message like so when applying:
Error: error reading EKS Add-On (<cluster-name>:kube-proxy): AccessDeniedException: User: arn:aws:sts::123123123123:assumed-role/foobar/<session-name> is not authorized to perform: eks:DescribeAddon on resource: arn:aws:eks:<aws-region>:123123123:/clusters/<cluster-name>/addons/kube-proxy
🎄 🎅
The text was updated successfully, but these errors were encountered:
thank you for this @migueleliasweb ! while this is great info, we are moving away from providing this level of detail in the module documentation. These details are (as you correctly pointed to) already provided by AWS and they are highly dependent on the various ways users configure their clusters. in the next major release of this module v18.x, we are removing this IAM permissions document for this reason. But thank you for reporting!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
Hi everyone, and Merry Christmas!
I might have stumbled across some missing docs...
The page https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/iam-permissions.md seems to be missing some of the new permissions to manage addons. Like
eks:CreateAddon
,eks:DeleteAddon
,eks:DescribeAddon
,eks:DescribeAddonVersions
andeks:ListAddons
.The full list of permissions/actions can be found here: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html#amazonelastickubernetesservice-actions-as-permissions
If you try to just use the provided permissions from the
.md
mentioned above and enable addons on your cluster you will get an error message like so when applying:🎄 🎅
The text was updated successfully, but these errors were encountered: