enchance EKS tshoot RTD

ResearchComputing · Mar 22, 2024 · 3d98097 · 3d98097
1 parent 60e0178
commit 3d98097
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 0 deletions.
diff --git a/docs/cloud/aws/troubleshooting/images/create-role-terraform-resource.png b/docs/cloud/aws/troubleshooting/images/create-role-terraform-resource.png
diff --git a/docs/cloud/aws/troubleshooting/images/create-role-terraform.png b/docs/cloud/aws/troubleshooting/images/create-role-terraform.png
diff --git a/docs/cloud/aws/troubleshooting/troubleshooting.md b/docs/cloud/aws/troubleshooting/troubleshooting.md
@@ -29,3 +29,57 @@ When creating AWS Users, you must attach the "Customer_Admin_PermissionBoundary"
 See [Admin Account Permission Exclusions](../getting-started/customer-permission-boundary.md)
 
 ---
+
+### AccessDenied: not authorized to perform: iam:CreateRole | Module Block
+
+Below error occurs when creating **EKS Cluster** using <a href="https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest" target="_blank">Terraform module</a> from the Terraform registry. 
+
+This error is not an AWS nor Terraform bug. This error is seen when AWS Customers at CU Boulder uses their customer admin IAM role to create an EKS cluster.
+
+**Error:**
+
+![](images/create-role-terraform.png)
+
+**Solution:**
+
+When creating EKS cluster using terraform module from terraform registry, you must attach the "Customer_Admin_PermissionBoundary" Permission Boundary as an argument twice. First in the EKS module and second in the EKS Managed node groups submodule.
+
+
+module "eks" {
+  iam_role_permissions_boundary = "arn:aws:iam:<AWS account number>:policy/Customer_Admin_PermissionBoundary"
+
+eks_managed_node_groups = {
+    example = {
+      iam_role_permissions_boundary = "arn:aws:iam::<AWS Account Number>:policy/Customer_Admin_PermissionBoundary"
+
+    }
+}
+}
+
+---
+
+
+### AccessDenied: not authorized to perform: iam:CreateRole | Resource Block
+
+
+Below error occurs when creating **EKS Cluster** using <a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster" target="_blank">Terraform resource block</a> from the Terraform registry documentation. 
+
+This error is not an AWS nor Terraform bug. This error is seen when AWS Customers at CU Boulder uses their customer admin IAM role to create an EKS cluster.
+
+
+**Error:**
+
+![](images/create-role-terraform-resource.png)
+
+**Solution:**
+
+When creating EKS cluster using terraform resource from terraform registry, you must attach the "Customer_Admin_PermissionBoundary" Permission Boundary as an argument in AWS IAM role
+
+
+resource "aws_iam_role" "example" {
+
+  permissions_boundary = "arn:aws:iam::<AWS account number>:policy/Customer_Admin_PermissionBoundary"
+}
+
+
+---