Unable to create EKS cluster from AWS CLI

Ashish5544 · October 13, 2024, 1:38am

getting this error while creating EKS cluster in AWS. does anyone have any idea why im getting this error ?

error : 2024-10-13 07:03:39 [] AWS::EKS::Cluster/ControlPlane: CREATE_FAILED – “Resource handler returned message: "User: arn:aws:iam::891377079266:user/kk_labs_user_606785 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::891377079266:role/eksctl-test-cluster-2-cluster-ServiceRole-wtcQKJA3PHdv (Service: Eks, Status Code: 403, Request ID: 69b897f6-0874-4966-ae4c-61e27a455b31)" (RequestToken: 702bb73f-12ca-d09b-a2be-ad14e6d68d7a, HandlerErrorCode: AccessDenied)”

command i have given :
eksctl create cluster --name= test-cluster `

–region us-east-1 --vpc-private-subnets subnet-0b3668b81748a3f81,subnet-09948d44c3e66d31f
–vpc-public-subnets subnet-0dfc63be34fc18d64,subnet-0d780983ca98c1508 `
–fargate

troubleshooting steps done :

used only east1a,1b regions subnets as suggested by some other answer.
added EKS and cloudformation roles

if anyone has any leads let me know.

FYI, im able to create cluster through GUI in AWS.

rob_kodekloud · October 13, 2024, 3:26am

I’m not sure what invocation of ekscl create cluster you need to do, but I’d look at the instructions in our CKA repo for this, to see if you can infer what you need to do.

Ashish5544 · October 13, 2024, 4:12am

Hey Rob,
Hope you are doing good. thanks for your quick reply. the method you have suggested is via GUI. its working perfectly fine through GUI for me , but through aws cli, its not working . any suggestions? or do I have to sync the IAM policy through AWS CLI as well once ?

Alistair_KodeKloud · October 13, 2024, 10:57am

eksctl is not supported in playground as it makes API calls that are denied by policy.

Ashish5544 · October 14, 2024, 2:33am

Ah,this makes more sense. Clear . Thanks !