winn j

Reputation: 452

Kubectl Forbidden error in EKS after modifying the configmap

I have locked myself out after modifying the config map. Is there any way around this?

This happened after I modified the config map using

kubectl edit -n kube-system configmap/aws-auth

Now I am getting an error using the IAM role that was used to create the cluster

Error from server (Forbidden): pods is forbidden: User "USERNAME" cannot list resource "pods" in API group "" in the namespace "default"

Upvotes: 10

Views: 3275

Answers (1)

sai

Reputation: 450

By default, the EKS Cluster creator (IAM role/user) gets full access to the EKS Cluster (irrespective of the aws-auth configMap).

  • Run aws sts get-caller-identity and validate if Arn from response is the IAM role/user that created the EKS Cluster.

If you are locked out with no access for Cluster Creator, reach out to AWS Premium Support using the same account as EKS Cluster. They can help fix it (hope).

Worst case, have to create a new Cluster.

Upvotes: 2
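An added example (not part of the answer above) of the identity check it describes: `aws sts get-caller-identity` reports an assumed role as an `sts` `assumed-role/NAME/SESSION` ARN with no IAM path, so it never string-matches the `iam` role ARN of the cluster creator and both have to be reduced to the same form first. The function names, the `CREATOR_ARN` variable and the account ID used for testing are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare the current AWS caller with the cluster creator's ARN.

# Reduce an ARN to "ACCOUNT:KIND/NAME" so both forms of one principal match.
principal_key() {
  IFS=: read -r pk_arn pk_part pk_svc pk_region pk_acct pk_res <<EOF
$1
EOF
  pk_kind=${pk_res%%/*}   # assumed-role | role | user
  pk_rest=${pk_res#*/}
  case "$pk_svc/$pk_kind" in
    sts/assumed-role) pk_kind=role; pk_name=${pk_rest%%/*} ;;  # drop the session name
    iam/role|iam/user) pk_name=${pk_rest##*/} ;;               # drop any IAM path
    *) return 1 ;;                                             # root, federated, malformed
  esac
  printf '%s:%s/%s\n' "$pk_acct" "$pk_kind" "$pk_name"
}

# Exit 0 if both ARNs name the same principal, 1 if not, 2 if either is unparseable.
same_principal() {
  sp_a=$(principal_key "$1") || return 2
  sp_b=$(principal_key "$2") || return 2
  [ "$sp_a" = "$sp_b" ]
}

# Runs only when CREATOR_ARN (hypothetical variable) holds the creator's IAM ARN.
if [ -n "${CREATOR_ARN:-}" ]; then
  caller=$(aws sts get-caller-identity --query Arn --output text)
  if same_principal "$caller" "$CREATOR_ARN"; then
    echo "caller is the cluster creator: $caller"
  else
    echo "caller $caller is NOT the cluster creator $CREATOR_ARN" >&2
  fi
fi
```

A mismatch here means the Forbidden error comes from using a different principal than the one that created the cluster, which is fixed by switching credentials rather than by editing aws-auth.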
