[aws-eks] `ec2:DescribeVpcs` permission is missing when creating clusters
Today I’ve also gotten the same error but on the `ec2:DescribeVpcs` permission. This was not the case on Friday because I rolled out an EKS cluster with a CDK build done from the master branch. Adding the DescribeVpcs permission solved the problem, same as the PR in #8859
Seems like AWS is changing stuff on their end that requires more permissions?
_Originally posted by @jargelo in https://github.com/aws/aws-cdk/issues/8574#issuecomment-654241149_
Top GitHub Comments
I’ve got the issue when deploying a CDK app from scratch (VPC and EKS as separate stacks). Deployment of the EKS stack failed with the same error. During redeploy it worked fine. I am using CDK 1.60
I was able to reproduce this multiple times in a single account by manually deleting the `AWSServiceRoleForAmazonEKS` SLR before each deployment. In this scenario (which simulates a blank account) - EKS will create the SLR upon first cluster deployment, and use it for all subsequent deployments as well.

However, seems like there might be an issue with this first deployment flow - which I am following up on internally. In the meantime, I can verify that the patch policy @rafaelpereyra suggested solves the issue, and I’ve created a PR to include it in the default policy of the creation role.