Following this link: Enabling cross-account access to Amazon EKS cluster resources, I can make a pod in an Amazon EKS cluster hosted in the ci account interact with and manage the AWS resources in a target account. This is the aws config file:

[profile ci-env]
role_arn = arn:aws-cn:iam::CICD_ACCOUNT:role/eksctl-jenkins-cicd-demo-addon-iamserviceacc-Role1-1AQZO394370HE
web_identity_token_file = /var/run/secrets/eks.amazonaws.com/serviceaccount/token
region = cn-north-1

[profile target-env]
role_arn = arn:aws-cn:iam::TARGET_ACCOUNT:role/target-account-iam-role
source_profile = ci-env
role_session_name = xactarget
region = cn-north-1

When I run aws s3 ls --profile target-env, it works and lists the S3 buckets in my target account.

Then I want to deploy a CDK app on the ci account which can create an S3 bucket on the target account. But when I run cdk deploy --profile target-env, this appears:

Need to perform AWS calls for account TARGET_ACCOUNT, but no credentials have been configured.

I am very confused and don't know how to solve it. I am a beginner with AWS services; thanks in advance for helping me!

1 Answer

You need to bootstrap all of your (target) accounts to trust the CICD account.

Otherwise, you would have to create and manage the cross-account access by yourself.

  • IAM Roles + Policies (in all accounts)
  • S3 Bucket for artifacts + bucket policies (in CICD account)
  • Key Management Service -> Customer Managed Key + Policies to allow the target accounts

You can spot here an example architecture which is applying that: [architecture diagram image]

If it's possible for you, you might switch to the CDK Pipelines. In this guide, the bootstrapping (incl. trusting) is also applied and every step/resource mentioned above is created and properly configured. It has a few drawbacks as of now, but it's in developer preview, has quite decent usability and makes your life a lot easier already.
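As an added example of the bootstrap-with-trust step the answer describes (this is not code from the question, the answer, or the CDK project), the script below builds the two commands and adds a check of which accounts the resulting deploy role trusts. It assumes the page's placeholder account IDs CICD_ACCOUNT and TARGET_ACCOUNT, the aws-cn partition and cn-north-1 region from the question's config, CDK's default bootstrap qualifier hnb659fds, and a hypothetical profile named target-admin that holds administrative credentials in the target account for the one-time bootstrap. Commands are returned as text so they can be reviewed first; set RUN_CDK=1 to execute them.

```shell
#!/bin/sh
# Added example, not code from the question or the answer.
# Assumptions: placeholder account IDs, aws-cn partition, cn-north-1 region,
# CDK's default bootstrap qualifier "hnb659fds", and a hypothetical
# "target-admin" profile with admin credentials in the target account.
set -eu

CICD_ACCOUNT="${CICD_ACCOUNT:-111111111111}"      # placeholder: account running the EKS pod
TARGET_ACCOUNT="${TARGET_ACCOUNT:-222222222222}"  # placeholder: account that should get the bucket
REGION="cn-north-1"
PARTITION="aws-cn"
QUALIFIER="hnb659fds"                             # CDK's default bootstrap qualifier

# Step 1: bootstrap the TARGET account so that its CDK roles trust the CI/CD
# account. Run once, with credentials that are administrative in the target
# account (hypothetical profile "target-admin"). AdministratorAccess is the
# policy the CDK docs use as an example for the execution role; scope it down
# to what your stacks actually create (here: S3 buckets) where you can.
bootstrap_cmd() {
  printf '%s' "cdk bootstrap aws://${TARGET_ACCOUNT}/${REGION} --profile target-admin --trust ${CICD_ACCOUNT} --cloudformation-execution-policies arn:${PARTITION}:iam::aws:policy/AdministratorAccess"
}

# Step 2: deploy with the CI/CD account's own credentials. The stack's env
# must name TARGET_ACCOUNT/cn-north-1 (the error message in the question shows
# it already does). Because the target's bootstrap roles trust CICD_ACCOUNT,
# the CDK CLI assumes the target account's deploy role by itself, so the
# hand-built target-env profile chain is not needed for cdk deploy.
deploy_cmd() {
  printf '%s' "cdk deploy --profile ci-env --require-approval never"
}

# Name of the deploy role the bootstrap stack creates in the target account.
deploy_role_name() {
  printf '%s' "cdk-${QUALIFIER}-deploy-role-${TARGET_ACCOUNT}-${REGION}"
}

# Review step: given a role trust policy as JSON on stdin, report (exit status)
# whether account $1 is allowed to assume it. Useful for confirming that only
# the intended CI/CD account was trusted, e.g.:
#   aws iam get-role --profile target-admin --role-name "$(deploy_role_name)" \
#     --query AssumeRolePolicyDocument --output json | trusts_account "$CICD_ACCOUNT"
trusts_account() {
  grep -q "\"arn:${PARTITION}:iam::$1:root\""
}

# Constructed sample trust policy in the shape the bootstrap stack produces,
# used here only to demonstrate trusts_account offline.
SAMPLE_TRUST_POLICY='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["arn:aws-cn:iam::111111111111:root"]},"Action":"sts:AssumeRole"}]}'

if [ "${RUN_CDK:-0}" = "1" ]; then
  eval "$(bootstrap_cmd)"
  eval "$(deploy_cmd)"
fi
```

After bootstrapping, the only credentials the pipeline needs are the CI/CD account's own (the ci-env web-identity profile); the per-target cross-account role, the artifact bucket and its KMS key are created and wired up by the bootstrap stack, which is exactly the list the answer says you would otherwise have to manage by hand.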