edison xue

Reputation: 1331

AssumeRole is not authorized to perform, even after adding the policies

What I am trying to do is use my IAM user udagram-xue-dev to assume the role eksClusterRole. These are my policy configurations:

This policy has been added to my IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::111111111111:role/eksClusterRole"
        }
    ]
}

This trust policy has been added to my eksClusterRole:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:user/udagram-xue-dev",
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

But I still get this problem: [image]

I have read a lot of relevant details about this assuming role problem, but I still can't figure out how to fix it. It seems that they all just need to add these policies, then it'll be OK.

Upvotes: 1

Views: 91

Answers (1)

Dennis Traub

Reputation: 51684

According to your configuration, everything seems to be in place. However, there might be a different policy (permission boundary, service control policy, or another IAM policy applied to the user) that overrides the permissions.

You can test your policies and find out if there’s anything interfering with your permissions using the IAM Policy Simulator.

Upvotes: 2
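
The simulator check suggested in the answer can also be run through the IAM API. This is an added example, not part of the original answer: Python using boto3's `simulate_principal_policy` with the two ARNs from the question. The `explain` helper, the sample response and the policy name `DenyAssumeRoleExample` are constructed for illustration.

```python
# Added example. ARNs are the ones quoted in the question; everything else is illustrative.
USER_ARN = "arn:aws:iam::111111111111:user/udagram-xue-dev"
ROLE_ARN = "arn:aws:iam::111111111111:role/eksClusterRole"

def simulate_assume_role(user_arn=USER_ARN, role_arn=ROLE_ARN):
    """Ask the IAM policy simulator whether the user's policies allow sts:AssumeRole."""
    import boto3  # imported lazily so the offline demo below needs no boto3 or credentials
    iam = boto3.client("iam")
    return iam.simulate_principal_policy(
        PolicySourceArn=user_arn,
        ActionNames=["sts:AssumeRole"],
        ResourceArns=[role_arn],
    )

def explain(response):
    """Reduce a simulator response to (action, decision, [reasons]) tuples."""
    findings = []
    for result in response["EvaluationResults"]:
        decision = result["EvalDecision"]  # allowed | explicitDeny | implicitDeny
        reasons = []
        if decision == "explicitDeny":
            for stmt in result.get("MatchedStatements", []):
                reasons.append(
                    f"explicit Deny in {stmt['SourcePolicyId']} ({stmt['SourcePolicyType']})")
        org = result.get("OrganizationsDecisionDetail")
        if org and not org["AllowedByOrganizations"]:
            reasons.append("blocked by a service control policy")
        boundary = result.get("PermissionsBoundaryDecisionDetail")
        if boundary and not boundary["AllowedByPermissionsBoundary"]:
            reasons.append("blocked by the permissions boundary")
        if decision == "implicitDeny" and not reasons:
            reasons.append("no matching Allow statement in the user's policies")
        findings.append((result["EvalActionName"], decision, reasons))
    return findings

# Constructed sample response (not real output): a second policy on the user denies
# the action, and a permissions boundary does not allow it either.
SAMPLE = {"EvaluationResults": [{
    "EvalActionName": "sts:AssumeRole",
    "EvalResourceName": ROLE_ARN,
    "EvalDecision": "explicitDeny",
    "MatchedStatements": [{"SourcePolicyId": "DenyAssumeRoleExample",
                           "SourcePolicyType": "user-managed"}],
    "PermissionsBoundaryDecisionDetail": {"AllowedByPermissionsBoundary": False},
}]}

if __name__ == "__main__":
    for action, decision, reasons in explain(SAMPLE):
        print(f"{action}: {decision}: {'; '.join(reasons) or 'no blocking policy found'}")
```

With credentials that are allowed to call `iam:SimulatePrincipalPolicy`, pass the result of `simulate_assume_role()` to `explain()` instead of `SAMPLE`.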
