AWS EKS Cluster & Nodes creation IAM Role
When you try to create an EKS Cluster there is a box for IAM Role; likewise, when you try to create worker nodes there is a box for IAM Role. The box is blank with a pulldown menu. I am not understanding how to populate the box. I know the Policies I want for the Role, I can see existing Roles that use the policies I want, I can create Roles with the correct Policy, but they never appear as a choice in that IAM pulldown Menu... It is a mandatory box; it has to be populated.
I even tried assuming the role first, but I don't have access to the root account, and when I put in my login account, it says invalid account. (You know, the subordinate accounts you can create where you put the real account ID in the top box (which is a series of numbers), then the account name someone created for you, and your password.)
How do you get that IAM Role box populated when creating a Cluster or worker node group?
Answers (3)
In my case, I have to use "EKS - Cluster" instead of "EKS" in Use case.
![enter image description here](https://i.sstatic.net/cnBX0.png)
To create your Amazon EKS node role in the IAM console:
- Open the IAM console at https://console.aws.amazon.com/iam/
- In the left navigation pane, choose Roles.
- On the Roles page, choose Create role.
- On the Select trusted entity page, do the following:
  - In the Trusted entity type section, choose AWS service.
  - Under Use case, choose EC2.
  - Choose Next.
- On the Add permissions page, do the following:
  - In the Filter policies box, enter AmazonEKSWorkerNodePolicy.
  - Select the check box to the left of AmazonEKSWorkerNodePolicy in the search results.
  - Choose Clear filters.
  - In the Filter policies box, enter AmazonEC2ContainerRegistryReadOnly.
  - Select the check box to the left of AmazonEC2ContainerRegistryReadOnly in the search results.
  - Either the AmazonEKS_CNI_Policy managed policy, or an IPv6 policy that you create, must also be attached to either this role or to a different role that's mapped to the aws-node Kubernetes service account. We recommend assigning the policy to the role associated with the Kubernetes service account instead of assigning it to this role. For more information, see Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts.
  - Choose Next.
- On the Name, review, and create page, do the following:
  - For Role name, enter a unique name for your role, such as AmazonEKSNodeRole.
  - For Description, replace the current text with descriptive text such as Amazon EKS - Node role.
  - Under Add tags (Optional), add metadata to the role by attaching tags as key–value pairs. For more information about using tags in IAM, see Tagging IAM Entities in the IAM User Guide.
  - Choose Create role.
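The console steps above done with the AWS CLI, as an added example that is not from the question or any of the answers. The point it makes concrete is the one both answers turn on: the EKS dropdowns only list roles whose trust policy names the matching service principal (eks.amazonaws.com for the cluster role, ec2.amazonaws.com for the node role), so a role with the right permissions but the wrong trusted entity never shows up. It assumes an authenticated `aws` CLI with iam:CreateRole and iam:AttachRolePolicy; the role names are placeholders, and the cluster role's AmazonEKSClusterPolicy is not mentioned on the page.

```shell
# Role names are placeholders; override them via the environment if you like.
CLUSTER_ROLE_NAME="${CLUSTER_ROLE_NAME:-AmazonEKSClusterRole}"
NODE_ROLE_NAME="${NODE_ROLE_NAME:-AmazonEKSNodeRole}"

# Trust policy that lets exactly one AWS service principal assume the role.
# This document, not the attached permissions, decides whether the role
# appears in the EKS "IAM Role" pulldown.
trust_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"%s"},"Action":"sts:AssumeRole"}]}' "$1"
}

# Managed policies the answer above lists for the node role. The CNI policy
# is attached here for simplicity; the answer recommends putting it on an
# IAM role for the aws-node service account instead (least privilege).
node_role_policies() {
  echo arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
  echo arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
  echo arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
}

# Create a role trusting $2 and attach every policy ARN read from stdin.
create_role() {
  name="$1"; principal="$2"
  aws iam create-role --role-name "$name" \
    --assume-role-policy-document "$(trust_policy "$principal")" >/dev/null
  while read -r arn; do
    aws iam attach-role-policy --role-name "$name" --policy-arn "$arn"
  done
}

# Show which trusted service an existing role has, to check why it is missing
# from the dropdown (e.g. trusts ec2.amazonaws.com, so not offered for a cluster).
role_trusted_service() {
  aws iam get-role --role-name "$1" \
    --query 'Role.AssumeRolePolicyDocument.Statement[].Principal.Service' --output text
}

case "${1:-}" in
  apply)
    echo arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
      | create_role "$CLUSTER_ROLE_NAME" eks.amazonaws.com
    node_role_policies | create_role "$NODE_ROLE_NAME" ec2.amazonaws.com
    ;;
  check) role_trusted_service "$2" ;;
  *) echo "usage: $0 apply | check ROLE_NAME" ;;
esac
```

Run `sh eks-roles.sh check MyRole` first to see what an existing role trusts; `apply` creates the two roles so that each appears in its respective pulldown.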
The problem was I have a sub account, which sucks because I am used to being root. I had to plead with the "real account" to grant me more permissions in my PowerUsers Role.