- Newest
- Most votes
- Most comments
You need add the eks-fargate-pods.amazonaws.com Service Principal," typically occurs during the creation of an AWS EKS Fargate profile when the trust relationship for the PodExecutionRole is not correctly set up to allow the eks-fargate-pods.amazonaws.com service principal.
Please find the steps by step instruction as mention in below
Step 1: Go to the IAM console in AWS. Locate the PodExecutionRole you are using for your EKS Fargate profile. Check the trust relationships of this role. It should have a trust relationship with the eks-fargate-pods.amazonaws.com service principal. Step 2:Update the Trust Relationship:
Step 3: If the eks-fargate-pods.amazonaws.com service principal is not listed, you will need to add it.
Edit the trust relationship to include the following policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "eks-fargate-pods.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
Relevant content
- asked a year ago
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 months ago
I have added this trust policy, but still seeing this issue. It only fails using EKSCTL cli command (eksctl create fargateprofile -f common-fargate.yaml) but successful through AWS console. My yaml syntax as follows:
apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: <eks-cluster-name> region: us-east-1 fargateProfiles: