Is not authorized to perform: iam:PassRole on resource: arn:aws:iam::227680169240:role/EKS_Role

jayamanidharshini · January 10, 2024, 6:10pm

User: arn:aws:iam::227680169240:user/kk_labs_user_329731 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::227680169240:role/EKS_Role

While creating an EKS cluster in AWS, I encountered an error. , and also attached screenshot of the error. and I can’t log AWS CLI using IAM Access and secret key, Could you please help me resolve it.

Alistair_KodeKloud · January 10, 2024, 7:42pm

You cannot create managed node groups, and you need to use specific roles on the playground.

Please follow one of these two guides to deploy EKS

jayamanidharshini · January 11, 2024, 10:47am

hi @ Alistair Mackay, Thanks for you reply now I can able to create EKS Cluster in AWS Playground, but I can’t able to create NodeGroups in EKS, I got error like below, could you please help me to resolve it ?

User: arn:aws:iam::511964875546:user/kk_labs_user_363693 is not authorized to perform: eks:CreateNodegroup on resource: arn:aws:eks:us-east-1:511964875546:cluster/demo-eks with an explicit deny

Alistair_KodeKloud · January 11, 2024, 12:46pm

You are trying to create a managed node group. As mentioned above, you cannot do this.
Please follow the playground series guide above to learn how to create an unmanaged node group.

mabdullah007 · May 10, 2025, 6:19pm

Hi @Alistair_KodeKloud,

I am doing the KodeKloud Engeers aws Level 3 Task 10

followed the steps as shown in the above link but I am unable to create EKS cluster facing similar error

.

Here is the config screenshot of the EKS

seems to be bug with the Task.

mabdullah007 · May 11, 2025, 7:59am

I was able to create the cluster with this role, I was able to cluster

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“Service”: “eks.amazonaws.com”
},
“Action”: “sts:AssumeRole”
}
]
}

Alistair_KodeKloud · May 11, 2025, 10:25am

AutoNodeRole is for managed nodes which are not permitted by our AWS accounts. I cannot imagine the task will direct you to create the same.
Configure the cluster as per our playground instructions and it should launch.

Obaid · June 26, 2025, 6:48am

@Alistair_KodeKloud I am following the guide on GitHub for playgrounds.
I was able to create the cluster a few times…but I run into the below error a lot. I am not using node groups for roles

User: arn:aws:iam::654654139377:user/kk_labs_user_545305 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::654654139377:role/ekscluster

Tej-Singh-Rana · June 26, 2025, 8:37am

Hi @Obaid ,

The role name is “eksclusterRole”, not “eksCluster”.

Tej-Singh-Rana · June 26, 2025, 8:38am

It’s already written in the doc that you’re following.

certified-kubernetes-administrator-course/managed-clusters/eks/console/docs/02-create-service-role.md at master · kodekloudhub/certified-kubernetes-administrator-course · GitHub

Obaid · June 26, 2025, 11:43pm

oh. I thought the name could be anything. I deployed it. thanks

I also deployed it using the terraform code above but it does not automate the node deployment? is it all manual for that?

Alistair_KodeKloud · June 29, 2025, 7:56pm

A couple of things here

Permissions such as iam:PassRole are granted to only specific role names in playground accounts, so no, the role cannot have any name
The terraform provisions the EC2 instances for the nodes. It does not join them to the cluster. That is done using the node instance role which is printed at the end of the terraform run, here.