Im not able to create de nodegroup from the portal im getting the error bellow:
User: arn:aws:iam::412793213680:user/odl_user_798831 is not authorized to perform: eks:CreateNodegroup on resource: arn:aws:eks:us-east-2:412793213680:cluster/kodekloud_cluster with an explicit deny
Do you hava any idea how to solve this ?
Thanks in advance.
I’m seeing the same issue when creating a managed node group in us-east-1. From the AWS console, the EKS cluster creates fine.
We’re aware of this issue, and the engineering team currently working on it.
We will keep you updated.
Thanks for your reply, did you get this working in another region?
Yes I tried in us-west-2 as well. Saw the same issue while creating a managed node group.
Any potential ETA regarding the fix for this issue? Thanks
Hello @ysharma, @Diego-Oliveira,
Can you follow these instructions to create the EKS cluster?
"You should be able to launch EKS with “Self-managed nodes”. As of now “Managed Node-group” and “Fargate Profile” will not work with EKS.
Also, you need to keep in mind below restrictions as well.
choose one of these instance types: *.nano, *micro, *.small, *.medium of t1,t2 and t3 instance class.
choose disk type as “gp2” only.
Maximum disk size per node allowed is 30GB.
In order to deploy EKS; it needs to meet all above criteria."
Thanks for the response. I was able to create an EKS cluster with a self-managed node group (two t3.medium instances with 20GB of disk size) in us-east-1 region.
Please let me know the result after then.
Hi @ysharma did you create it from AWS dashboard?
My initial message was to update that the steps you suggested worked. So all good
Yes, I created the self-managed node group from the AWS Console/Dashboard. With eksctl, the deployment of CloudFormation stack was failing because the IAM user was not allowed to create an IAM InstanceProfile for the node group. However, there were no permissions issue when I did the same from console. I followed the instructions from the link that @trung-kodekloud shared to create the self-managed node group
@ysharma Thank you for the confirmation. Still bit confuse to perform it, is it possible for you to share the complete steps to get create of eks cluster from AWS playground.
- In us-east-1 AWS region, you can start by installing eksctl in the AWS Cloud Shell
- Once eksctl is installed, create an EKS cluster without nodegroups using the following command and the config file:
COMMAND - eksctl create cluster -f .yaml
# A simple example of ClusterConfig object:
- Once the cluster is created, you can follow the step-by-step instructions from Launching self-managed Amazon Linux nodes - Amazon EKS (using the AWS Management Console instructions) to create a self-managed node group
Thanks for sharing your solutions with the community @ysharma.
getting beloow error while running the eksctl from AWS cloud shell
-bash-4.2# eksctl create cluster -f ekscluster.yml
Error: checking AWS STS access – cannot get role ARN for current session: operation error STS: GetCallerIdentity, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get “http://169.254.169.254/latest/meta-data/iam/security-credentials/”: dial tcp 169.254.169.254:80: connect: invalid argument
How can I login to this AWS playground account from my laotop using aws cli. I have tried to create user to get access key and secret key to get login to this act, no luck.
@sreemanthena Ive got the same problem, very disappointing, once automation could save us some time.
@trung-kodekloud hope you only can help @Diego-Oliveira and me in creating of eks cluster. Request you to create one separate doc for eks cluster how you shared cluster setup in azure and google.
Hello @sreemanthena and @Diego-Oliveira
Sorry for any inconvenience you may have with EKS, I’m going to check the EKS cluster on the playground and write a post (ETA within this week).
I tried the steps mentioned by @ysharma to create the self managed node group. But I am unable to create since it is showing error as user is not having permission to access ssm parameters. Kindly suggest on this
@trung-kodekloud any update on creation of EKS cluster?