Create EKS cluster with terraform

Hi,

Is it possible to create an EKS cluster with terraform on the playground?
How do I get the credential of my assigned user?

Yes. For credentials, you can store them in Vault and get them during execution, or set local env. variables.

My question is how to get the credentials in the first place, not how to store them.

Which playground are you using? The Terraform With AWS playground supplies the needed credentials in its first frame. I’m not sure if the playground has sufficient rights to create an EKS instance using the appropriate resources, but that’s a different issue.

Facing a similar issue… I am trying to create an EKS cluster using Terraform but getting the below error:

│ Error: creating EKS Cluster (staging-my-cluster-eks-cluster): operation error EKS: CreateCluster, https response error StatusCode: 403, RequestID: 9cda1938-5688-47f6-bf6e-86f246aaf417, api error AccessDeniedException: User: arn:aws:iam::905418278789:user/kk_labs_user_143799 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::905418278789:role/staging-my-cluster-eks-cluster
│
│ with aws_eks_cluster.eks,
│ on 7-eks.tf line 29, in resource "aws_eks_cluster" "eks":
│ 29: resource "aws_eks_cluster" "eks" {

Although my cluster is going to be within the allowed limits, I am unable to create it due to an IAM permission error when assigning the required IAM role to the cluster. I encountered the same issue when attempting to create the cluster through the AWS Management Console.

Additionally, I noticed a similar IAM-related permission issue when trying to delete RDS subnets (using terraform destroy, and also tried with the management console). Could you please check if there are any restrictions or misconfigurations affecting IAM permissions?

There are a variety of minefields in creating Terraform code to do this on our playgrounds. But if you want to see how to do this, you should start with how you can do this manually, since if you can do it in the console, the equivalent action in Terraform should work. Please take a look at our tutorial on that.

Hello Rob, the equivalent is not working in the Management Console either.

You have to follow it extremely closely – including the names of groups and roles – or it fails. But the guy that maintains the tutorial is very, very good with AWS, so it’s likely that if you had problems with it, you deviated from some of the details. I’ve mentioned this to him; he’s going to check to make sure it’s not busted, in any case.


Try this script instead; it’s used with one of our courses, and is frequently tested. In fact, the maintainer just tried it, and it works on the PG as of now.


To resolve the IAM:PassRole error you’re encountering, please refer to this link for guidance.


Thanks, Rob, the given resources worked. I replicated the same using my own TF code, I was it was due to a spelling mistake.

Thanks for sharing the link, Vipul, the steps worked wonderfully!
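
An added example, not part of any post in this thread or of the tutorial it refers to: a small Python check that parses the AccessDeniedException quoted above and compares the denied role ARN with the role patterns the user is allowed to pass, which is where a misspelled role name shows up. The allowed pattern (`eksClusterRole`) is a hypothetical placeholder; take the real one from your own policy or tutorial.

```python
import fnmatch
import re

# Constructed sample: the AccessDeniedException text from the thread, on one line.
SAMPLE_ERROR = (
    "api error AccessDeniedException: User: "
    "arn:aws:iam::905418278789:user/kk_labs_user_143799 is not authorized to "
    "perform: iam:PassRole on resource: "
    "arn:aws:iam::905418278789:role/staging-my-cluster-eks-cluster"
)

# Assumption: role ARN patterns the user's policy allows for iam:PassRole.
# "eksClusterRole" is a hypothetical placeholder, not a value from the thread.
ALLOWED_PASSROLE_PATTERNS = ["arn:aws:iam::*:role/eksClusterRole"]

DENIED_RE = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+)(?: on resource: (?P<resource>\S+))?"
)


def parse_denied(message):
    """Return principal, action and resource from an AWS 'not authorized' message."""
    match = DENIED_RE.search(message)
    if match is None:
        return None
    fields = match.groupdict()
    if fields["resource"]:
        fields["resource"] = fields["resource"].rstrip(".,")
    return fields


def diagnose(message, allowed_patterns):
    """Explain a denial; for iam:PassRole, compare the role ARN with allowed patterns."""
    denied = parse_denied(message)
    if denied is None:
        return "not an AWS authorization failure"
    if denied["action"] != "iam:PassRole":
        return f"{denied['action']} denied for {denied['principal']}"
    role_arn = denied["resource"] or ""
    # fnmatchcase approximates IAM's case-sensitive * and ? wildcards.
    if any(fnmatch.fnmatchcase(role_arn, p) for p in allowed_patterns):
        return f"{role_arn} matches an allowed pattern; another policy layer denies it"
    role_name = role_arn.rsplit("/", 1)[-1]
    return f"role name '{role_name}' matches no allowed iam:PassRole resource; check spelling"


if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, ALLOWED_PASSROLE_PATTERNS))
```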