User: arn:aws:iam::211125588626:user/kk_labs_user_522421 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::211125588626:role/EKSClusterRole
Hi @bnivasreddy,
You are using the wrong name. It should be eksClusterRole.
Please check the following guide page for an EKS cluster creation.
It’s also mentioned on the playground instructions page.
AWS SandBox Playground | KodeKloud
Please check and let us know if you have any other problems.
Regards,
now I created the cluster but unable to create a node group
User: arn:aws:iam::767398003596:user/kk_labs_user_304003 is not authorized to perform: eks:CreateNodegroup on resource: arn:aws:eks:us-east-1:767398003596:cluster/DemoCluster
Is there a way to create node group in EKS cluster?
Currently, we are supporting only “self-managed nodes”.
I am facing a similar issue with the following scenario:
- I am learning how to set up EKS on AWS using terraform .
- The tutorial I am using creates everything from scratch : users, permissions, roles , policies etc.=>since that is the whole idea : learn how to create everything from Terraform code .
- when KodeKloud prevent us from creating such resources, we are left out to become
“Kubernetes Users” and not “Kubernetes Admins/DevOps” . so that was the whole point of creating KodeKloud in the first Place.
Please pass this feedback further on.
In order to make our subscriptions affordable, we have to limit what you can do on the playgrounds. You can’t create “everything” using them because if you could, you could run up very expensive (hundreds or thousands of US $) in resource use rather quickly. So our playgrounds are limited.
They’re a resource to learn how to use the targeted platforms, so if you’re using your own account, you can use the knowledge you gain here to know your way around cloud services. But of necessity, some things you won’t be able to use here, on a safe-and-sane playground.
I agree that resources on AWS can be quite expensive and it makes total sense to limit compute and database resources . I can even say that most of your limitation today make sense . what doesn’t make sense is the denial of for example IAM and roles which are core concepts for anyone who wants to learn to be dev ops . the entrie purpose of the KodeKloud platform was to train professionals who wants to become experts on their domain .
well , how can you be EKS admin with Zero permission ? you can’t . you are turning us to be “kubernetes users” not “kubernetes admins”.
i’m afraid this is a deal breaker . I simply
cannot do anything with the platform - and what I can do is on the free tier of Either aws, gcp and azure - which raises the questio : why spending 360$ a year on a product that you can’t do nothing with it ?
I hear you: but it’s the IAM limits that prevent abuse of the playgrounds, very simply: if you can define roles that let you create unlimited resources (and you very much can with IAM) then a playground product is not workable. You can do quite a lot with the playgrounds, nonetheless.
you can be “cloud user”
not “cloud dev ops” and not “cloud admin”
and there ar plenty platforms out there that can give you the ability to be “cloud user”
almost 90% of the courses on kodekloud are dev ops oriented , so I really don’t get it.
how come the labs on the IAM course by Amin have the permission open ?
I’m sure there are tools and techniques where you can limit capacity , Db usage , bucket usage , Queues and Scale set limits while still allowing users to interact with IAM
i mean … you cannot even run terraform on those playground - this is SO Basic requirement.
I am quite shocked that you truly believe that a person that want to build his career as dev ops will be satisfied with clicking some buttons on the UI to create pre-made EKS cluster
i’m sure you can see this is a huge miss