Clarifying deployment steps (assign IAM role) in the example Fully Private Cluster (#849)
rohancragg committed Aug 12, 2022
1 parent c775652 commit 31742a5
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions examples/fully-private-eks-cluster/README.md
Expand Up @@ -94,13 +94,24 @@ We will deploy the EKS cluster from the Cloud9 instance that was deployed to the

1. Launch the "EKS-Cloud9" Cloud9 instance.
2. Install Kubernetes tools on the Cloud9 instance.
- [Kubectl](https://Kubernetes.io/docs/tasks/tools/)
3. Create an IAM role for the Cloud9 workspace and attach the IAM role to your workspace. This IAM role should have enough permissions to provision an EKS cluster.
- [Kubectl](https://Kubernetes.io/docs/tasks/tools/)
3. Create an IAM role for the Cloud9 workspace and attach the IAM role to your workspace. This IAM role should have enough permissions to provision an EKS cluster:
- [Create an IAM role for your Workspace](https://www.eksworkshop.com/020_prerequisites/iamrole/)
- [Attach the IAM role to your Workspace](https://www.eksworkshop.com/020_prerequisites/ec2instance/)
4. Update IAM settings for your workspace to disable Cloud9 managing IAM credentials.
```shell script
aws cloud9 update-environment --environment-id $C9_PID --managed-credentials-action DISABLE
rm -vf ${HOME}/.aws/credentials
```
> This page ([Update IAM settings for your Workspace](https://www.eksworkshop.com/020_prerequisites/workspaceiam/)) contains the above step and also some useful addition steps to save the AccountId and default Region into your bash_profile.
5. From the Cloud9 bash teminal, ensure that your Cloud9 instance ARN shows the assumed-role that matches the IAM role you assigned to the EC2 instance:
```shell script
aws sts get-caller-identity --query Arn
```
The output should look something like `"arn:aws:sts::<AccountId>:assumed-role/<RoleName>/<instanceId>"`

> You can find your instanceId on the Cloud9 instance with this command `curl -s http://169.254.169.254/latest/meta-data/instance-id`
### Deployment Steps
#### Step1: Clone the repo using the command below
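
Review bot: The instance-id tip at the end of step 5 calls `curl -s http://169.254.169.254/latest/meta-data/instance-id` without a session token, which only works while the instance still accepts IMDSv1; on an instance that requires IMDSv2 the request is rejected with a 401 and the reader has no hint why. Suggest documenting the token flow instead: a `PUT` to `http://169.254.169.254/latest/api/token` with the `X-aws-ec2-metadata-token-ttl-seconds` header, then the same `GET` sent with the `X-aws-ec2-metadata-token` header. Smaller points in the same hunk: "teminal" should be "terminal" and "useful addition steps" should be "useful additional steps"; the path in `rm -vf ${HOME}/.aws/credentials` should be quoted; and step 3's "enough permissions to provision an EKS cluster" leaves the scope of the role open, so naming the policies the example actually needs would keep readers from attaching a broader role than necessary.
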
Expand Down Expand Up @@ -173,7 +184,6 @@ The EKS Terraform stack outputs the command you have to execute to update the `
$ kubectl get pods -n kube-system



### How to Destroy
The following command destroys the resources created by `terraform apply`
