-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws eks update-kubeconfig using --role-arn param gives not authorized to perform: eks:DescribeCluster #5823
Comments
Hi @hanfi, I apologize for the delay. I'm not able to reproduce - can you provide a redacted debug log for me to review (remove any account IDs and other sensitive information, but replace them with something that allows me to still differentiate between the roles)? Thanks! |
Greetings! It looks like this issue hasn’t been active in longer than a week. We encourage you to check if this is still an issue in the latest release. Because it has been longer than a week since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or add an upvote to prevent automatic closure, or if the issue is already closed, please feel free to open a new one. |
|
to reproduce :
while you are your user (in my case called user/devops) :
the command doesn't use the provided role-arn to perform eks:DescribeCluster. it uses the user without assuming the role. |
Also meet this problem.
how to sovled it ? |
I had that problem, had to add the profile
|
@kdaily This issue is still there. How do I resolve it? |
Same here,
the user is directly attacted with inline policy containing following json
|
Having the same issue Please help if possible |
@gitaacademy Check to see if there's a policy statement |
Same issue here. I don’t have MFA enabled. Please reopen. |
@demisx updated my comment, hope that helps. |
Any updates on how to fix this issue ? |
Confirm by changing [ ] to [x] below to ensure that it's a bug:
Describe the bug
when creating a kube config while i'm myUser :
aws eks update-kubeconfig --name MyCluster --region eu-west-1 --role-arn arn:aws:iam::XXXXXXXXX:role/myRole
it's supposed to build the kubeconfig and add the params
but i have this error :
An error occurred (AccessDeniedException) when calling the DescribeCluster operation: User: arn:aws:iam::XXXXXXXXX:role:user/myUser is not authorized to perform: eks:DescribeCluster on resource: arn:aws:eks:eu-west-1:XXXXXXX:cluster/cluster_name
the user running that command is not supposed to have any access, everything should be done by the role
SDK version number
aws-cli/2.1.10 Python/3.9.1 Darwin/19.6.0 source/x86_64 prompt/off
Platform/OS/Hardware/Device
mac Os 10.15.7
To Reproduce (observed behavior)
Expected behavior
the command should just build your kubeconfig or use the provided role to describeCluster
The text was updated successfully, but these errors were encountered: