0
votes

I am trying to create an EKS cluster using eksctl with my IAM user. I am using a yaml file to provide all the configuration. While doing so, I am getting the following error.

The content of yaml file is posted below:

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: testCluster1
  region: us-east-2

nodeGroups:
  - name: ng-1
    instanceType: m5.large

iam:
  serviceRoleARN: "arn:aws:sts::019751775207:assumed-role/XYZ_Team_Access/[email protected]"

Error: Cluster/ControlPlane: CREATE_FAILED - "The service name in roleArn must be scoped to 'iam'. (Service: AmazonEKS; Status Code: 400; Error Code: InvalidParameterException; Request ID: 56115c79-8909-11e9-a1da-85124a03f2a7)"

Console Output:

[?]  using region us-east-2
[?]  setting availability zones to [us-east-2c us-east-2a us-east-2b]
[?]  subnets for us-east-2c - public:192.168.0.0/19 private:192.168.96.0/19
[?]  subnets for us-east-2a - public:192.168.32.0/19 private:192.168.128.0/19
[?]  subnets for us-east-2b - public:192.168.64.0/19 private:192.168.160.0/19
[?]  nodegroup "ng-1" will use "ami-04ea7cb66af82ae4a" [AmazonLinux2/1.12]
[?]  creating EKS cluster "clusterAmol1" in "us-east-2" region
[?]  1 nodegroup (ng-1) was included
[?]  will create a CloudFormation stack for cluster itself and 1 nodegroup stack(s)
[?]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-2 --name=clusterAmol1'
[?]  2 sequential tasks: { create cluster control plane "clusterAmol1", create nodegroup "ng-1" }
[?]  building cluster stack "eksctl-clusterAmol1-cluster"
[?]  deploying stack "eksctl-clusterAmol1-cluster"
[?]  unexpected status "ROLLBACK_IN_PROGRESS" while waiting for CloudFormation stack "eksctl-clusterAmol1-cluster"
[?]  fetching stack events in attempt to troubleshoot the root cause of the failure
[?]  AWS::CloudFormation::Stack/eksctl-clusterAmol1-cluster: ROLLBACK_IN_PROGRESS - "The following resource(s) failed to create: [RouteTableAssociationPrivateUSEAST2B, RouteTableAssociationPrivateUSEAST2C, RouteTableAssociationPrivateUSEAST2A, RouteTableAssociationPublicUSEAST2A, RouteTableAssociationPublicUSEAST2C, RouteTableAssociationPublicUSEAST2B, ControlPlane, NATGateway]. . Rollback requested by user."
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2C: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2C: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2A: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::NatGateway/NATGateway: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2A: CREATE_FAILED - "Resource creation cancelled"

[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2B: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2B: CREATE_FAILED - "Resource creation cancelled"
[?]  AWS::EKS::Cluster/ControlPlane: CREATE_FAILED - "The service name in roleArn must be scoped to 'iam'. (Service: AmazonEKS; Status Code: 400; Error Code: InvalidParameterException; Request ID: ae0ef6d8-8917-11e9-b12f-eb52e4e9e6af)"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2B: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2A: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2C: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2C: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2A: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Route/PublicSubnetRoute: CREATE_COMPLETE
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2B: CREATE_IN_PROGRESS
[?]  AWS::EKS::Cluster/ControlPlane: CREATE_IN_PROGRESS
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2A: CREATE_IN_PROGRESS
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2B: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::NatGateway/NATGateway: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPrivateUSEAST2C: CREATE_IN_PROGRESS
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2C: CREATE_IN_PROGRESS
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2A: CREATE_IN_PROGRESS
[?]  AWS::EC2::NatGateway/NATGateway: CREATE_IN_PROGRESS
[?]  AWS::EC2::SubnetRouteTableAssociation/RouteTableAssociationPublicUSEAST2B: CREATE_IN_PROGRESS
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2A: CREATE_COMPLETE
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2C: CREATE_COMPLETE
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2B: CREATE_COMPLETE
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2A: CREATE_COMPLETE
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2C: CREATE_COMPLETE
[?]  AWS::EC2::VPCGatewayAttachment/VPCGatewayAttachment: CREATE_COMPLETE
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2B: CREATE_COMPLETE
[?]  AWS::EC2::SecurityGroupIngress/IngressInterNodeGroupSG: CREATE_COMPLETE
[?]  AWS::EC2::SecurityGroupIngress/IngressInterNodeGroupSG: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SecurityGroupIngress/IngressInterNodeGroupSG: CREATE_IN_PROGRESS
[?]  AWS::EC2::SecurityGroup/ControlPlaneSecurityGroup: CREATE_COMPLETE
[?]  AWS::EC2::SecurityGroup/ClusterSharedNodeSecurityGroup: CREATE_COMPLETE
[?]  AWS::EC2::SecurityGroup/ControlPlaneSecurityGroup: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SecurityGroup/ClusterSharedNodeSecurityGroup: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Route/PublicSubnetRoute: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Route/PublicSubnetRoute: CREATE_IN_PROGRESS
[?]  AWS::EC2::RouteTable/PrivateRouteTable: CREATE_COMPLETE
[?]  AWS::EC2::RouteTable/PublicRouteTable: CREATE_COMPLETE
[?]  AWS::EC2::VPCGatewayAttachment/VPCGatewayAttachment: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2C: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::RouteTable/PrivateRouteTable: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2A: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2B: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2A: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::RouteTable/PublicRouteTable: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2C: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::SecurityGroup/ControlPlaneSecurityGroup: CREATE_IN_PROGRESS
[?]  AWS::EC2::VPCGatewayAttachment/VPCGatewayAttachment: CREATE_IN_PROGRESS
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2C: CREATE_IN_PROGRESS
[?]  AWS::EC2::RouteTable/PrivateRouteTable: CREATE_IN_PROGRESS
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2B: CREATE_IN_PROGRESS
[?]  AWS::EC2::SecurityGroup/ClusterSharedNodeSecurityGroup: CREATE_IN_PROGRESS
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2A: CREATE_IN_PROGRESS
[?]  AWS::EC2::RouteTable/PublicRouteTable: CREATE_IN_PROGRESS
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2B: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::Subnet/SubnetPrivateUSEAST2A: CREATE_IN_PROGRESS
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2C: CREATE_IN_PROGRESS
[?]  AWS::EC2::Subnet/SubnetPublicUSEAST2B: CREATE_IN_PROGRESS
[?]  AWS::EC2::VPC/VPC: CREATE_COMPLETE
[?]  AWS::EC2::EIP/NATIP: CREATE_COMPLETE
[?]  AWS::EC2::InternetGateway/InternetGateway: CREATE_COMPLETE
[?]  AWS::EC2::EIP/NATIP: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::InternetGateway/InternetGateway: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::EIP/NATIP: CREATE_IN_PROGRESS
[?]  AWS::EC2::VPC/VPC: CREATE_IN_PROGRESS - "Resource creation Initiated"
[?]  AWS::EC2::InternetGateway/InternetGateway: CREATE_IN_PROGRESS
[?]  AWS::EC2::VPC/VPC: CREATE_IN_PROGRESS
[?]  AWS::CloudFormation::Stack/eksctl-clusterAmol1-cluster: CREATE_IN_PROGRESS - "User Initiated"
[?]  building nodegroup stack "eksctl-clusterAmol1-nodegroup-ng-1"
[?]  2 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
[?]  to cleanup resources, run 'eksctl delete cluster --region=us-east-2 --name=clusterAmol1'
[?]  waiting for CloudFormation stack "eksctl-clusterAmol1-cluster" to reach "CREATE_COMPLETE" status: ResourceNotReady: failed waiting for successful resource state
[?]  invalid cluster config: missing CertificateAuthorityData
[?]  failed to create cluster "clusterAmol1"

1

1 Answers

0
votes

Two errors are seen in the logs: 1) "The service name in roleArn must be scoped to 'iam'" 2) "invalid cluster config: missing CertificateAuthorityData", followed by failed to create cluster "clusterAmol1".

Double check the permissions of the IAM user which runs eksctl:

https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#unauthorized

I would recommend trying first with admin permissions to see if it can get past this error; then you can eliminate a permission issue. Afterwards, launch exactly the way the AWS docs / git repo describe, to exclude errors in the yaml file.
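The first error in the answer above is explained by the ARN in the question's config: `arn:aws:sts::...:assumed-role/...` identifies a temporary STS session principal, while EKS requires the cluster service role as an IAM role ARN of the form `arn:aws:iam::<account>:role/<name>`. The following Python is an added example, not code from the asker, the answerer or the eksctl project; it classifies a candidate `serviceRoleARN` before the config is submitted and, for an assumed-role session ARN, derives the IAM role ARN to use instead. The account id and role name `XYZ_Team_Access` are taken from the question, the session name is a constructed placeholder, and the derived ARN assumes the role sits at the default path `/` (a session ARN does not carry the role's path, so a role created under a custom path needs that path inserted by hand).

```python
"""Pre-flight check for an eksctl ClusterConfig's iam.serviceRoleARN.

Added example (not eksctl's own code). EKS requires the cluster service role
to be an IAM role ARN; an STS assumed-role ARN names a temporary session
principal and is rejected with "The service name in roleArn must be scoped
to 'iam'" (the InvalidParameterException quoted on this page).
"""
import re
from dataclasses import dataclass
from typing import Optional

# arn:partition:service:region:account:resource  (resource may contain ':' or '/')
ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):(?P<service>[^:]*):(?P<region>[^:]*):"
    r"(?P<account>[^:]*):(?P<resource>.+)$"
)


@dataclass
class ArnCheck:
    ok: bool
    reason: str
    suggested: Optional[str] = None  # IAM role ARN to use instead, when derivable


def check_service_role_arn(arn: str) -> ArnCheck:
    """Return whether `arn` is acceptable as an EKS cluster service role ARN."""
    m = ARN_RE.match(arn.strip())
    if not m:
        return ArnCheck(False, "not a well-formed ARN")
    service, region = m["service"], m["region"]
    account, resource = m["account"], m["resource"]

    if service == "iam":
        if not resource.startswith("role/"):
            kind = resource.split("/")[0]
            return ArnCheck(False, f"IAM resource must be a role, got {kind!r}")
        if region:
            return ArnCheck(False, "IAM role ARNs are global; the region field must be empty")
        return ArnCheck(True, "IAM role ARN")

    if service == "sts" and resource.startswith("assumed-role/"):
        # Session ARN layout: assumed-role/<RoleName>/<SessionName>.
        parts = resource.split("/")
        if len(parts) == 3 and parts[1] and account:
            # Assumes the role is at path "/"; the session ARN omits any custom path.
            derived = f"arn:{m['partition']}:iam::{account}:role/{parts[1]}"
            return ArnCheck(False, "STS assumed-role session ARN, not an IAM role", derived)
        return ArnCheck(False, "malformed assumed-role ARN")

    return ArnCheck(False, f"service must be 'iam', got {service!r}")


def check_cluster_config(cfg: dict) -> ArnCheck:
    """Run the check against a parsed eksctl ClusterConfig (a plain dict here)."""
    arn = (cfg.get("iam") or {}).get("serviceRoleARN")
    if not arn:
        # With no serviceRoleARN, eksctl creates the service role in the cluster stack.
        return ArnCheck(True, "no serviceRoleARN set; eksctl creates the role itself")
    return check_service_role_arn(arn)


# Constructed sample mirroring the question's config; the session name is a placeholder.
SAMPLE_CONFIG = {
    "apiVersion": "eksctl.io/v1alpha5",
    "kind": "ClusterConfig",
    "metadata": {"name": "testCluster1", "region": "us-east-2"},
    "iam": {
        "serviceRoleARN": (
            "arn:aws:sts::019751775207:assumed-role/XYZ_Team_Access/SESSION_NAME_PLACEHOLDER"
        )
    },
}

if __name__ == "__main__":
    result = check_cluster_config(SAMPLE_CONFIG)
    print(result.reason)
    if result.suggested:
        print("use instead:", result.suggested)
```

Running it against the sample reports the session ARN as unusable and suggests `arn:aws:iam::019751775207:role/XYZ_Team_Access`. The check is deliberately strict about the region field because IAM ARNs are global; a region-qualified `iam` ARN is a sign the value was assembled by hand rather than copied from IAM.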