Troubleshooting AccessDenied when EKS creates a load balancer

Troubleshooting the ingress-nginx error: Error syncing load balancer: failed to ensure load balancer: error creating load balancer: "AccessDenied:

Issue

https://github.com/terraform-aws-modules/terraform-aws-eks/issues/183

Error message

An error occurred during helm install of ingress-nginx. On investigation, the following errors were found:

Warning  SyncLoadBalancerFailed  24m (x10 over 69m) service-controller  (combined from similar events): Error syncing load balancer: failed to ensure load balancer: error creating load balancer: "AccessDenied: is not authorized to perform: ec2:DescribeAccountAttributes\n\tstatus code: 403
Warning  SyncLoadBalancerFailed  25s  service-controller  Error syncing load balancer: failed to ensure load balancer: error creating load balancer: "AccessDenied: is not authorized to perform: ec2:DescribeInternetGateways\n\tstatus code: 403, request id: ba2ab5e2-9690-498a-aad3-3e46fb693588"

Solution

The errors above show that a policy is missing. Here we create the policy eks-cluster-ingress-loadbalancer-creation and attach it to our self-created AWSEKSClusterRole.

arn:aws:iam::xxxxxxxxxx:policy/eks-cluster-ingress-loadbalancer-creation

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeInternetGateways"
            ],
            "Resource": "*"
        }
    ]
}
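To keep the added policy limited to what the controller was actually denied, the actions can be extracted from the events instead of copied by hand. The script below is an added example, not part of the original post: it parses the two event messages shown above (wrapped lines rejoined) and builds the same policy document. The function names and the read-only prefix list are assumptions made for this illustration.

```python
import json
import re

# Event messages taken from this page, with the wrapped lines rejoined.
EVENTS = [
    r'Warning  SyncLoadBalancerFailed  24m (x10 over 69m) service-controller  (combined from similar events): Error syncing load balancer: failed to ensure load balancer: error creating load balancer: "AccessDenied: is not authorized to perform: ec2:DescribeAccountAttributes\n\tstatus code: 403',
    r'Warning  SyncLoadBalancerFailed  25s  service-controller  Error syncing load balancer: failed to ensure load balancer: error creating load balancer: "AccessDenied: is not authorized to perform: ec2:DescribeInternetGateways\n\tstatus code: 403, request id: ba2ab5e2-9690-498a-aad3-3e46fb693588"',
]

# Matches "<service>:<Action>" after the AccessDenied phrase; wildcards never match.
DENIED = re.compile(r"is not authorized to perform: ([a-z0-9-]+:[A-Za-z0-9]+)")

# Assumption for this example: these prefixes mark actions that only read state.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def denied_actions(lines):
    """Return the sorted, de-duplicated IAM actions denied in SyncLoadBalancerFailed events."""
    actions = set()
    for line in lines:
        if "SyncLoadBalancerFailed" in line:
            actions.update(DENIED.findall(line))
    return sorted(actions)


def split_by_risk(actions):
    """Separate read-only actions from state-changing ones that need manual review."""
    read_only = [a for a in actions if a.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)]
    review = [a for a in actions if a not in read_only]
    return read_only, review


def build_policy(actions):
    """Build an allow-only policy; Resource is "*" as in the policy on this page."""
    if not actions:
        raise ValueError("no actions to allow")
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}],
    }


if __name__ == "__main__":
    read_only, review = split_by_risk(denied_actions(EVENTS))
    print(json.dumps(build_policy(read_only), indent=4))
    for action in review:
        print("needs manual review before allowing:", action)
```

Any action listed as needing review changes state and is left out of the generated document, so it is only granted after someone confirms the role should have it.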