EKS cluster with m7i.4xlarge instance type not getting create

0

Following the EKS workshop and creating an EKS cluster.

Here is the cluster.yaml:

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
availabilityZones:
  - us-west-2a
  - us-west-2b
  - us-west-2c
metadata:
  name: eks-workshop
  region: us-west-2
  version: "1.30"
  tags:
    karpenter.sh/discovery: eks-workshop
    created-by: eks-workshop-v2
    env: eks-workshop
iam:
  withOIDC: true
vpc:
  cidr: 10.42.0.0/16
  clusterEndpoints:
    privateAccess: true
    publicAccess: true
addons:
  - name: vpc-cni
    version: 1.16.0
    configurationValues: '{"env":{"ENABLE_PREFIX_DELEGATION":"true", "ENABLE_POD_ENI":"true", "POD_SECURITY_GROUP_ENFORCING_MODE":"standard"},"enableNetworkPolicy": "true", "nodeAgent": {"enablePolicyEventLogs": "true"}}'
    resolveConflicts: overwrite
managedNodeGroups:
  - name: default
    desiredCapacity: 3
    minSize: 3
    maxSize: 6
    instanceType: m7i.4xlarge
    privateNetworking: true
    releaseVersion: "1.30.0-20240625"
    updateConfig:
      maxUnavailablePercentage: 50
    labels:
      workshop-default: "yes"

Creating the cluster using this gives the following error:

2024-09-05 00:01:27 [ℹ]  waiting for CloudFormation stack "eksctl-eks-workshop-nodegroup-default"
2024-09-05 00:02:04 [ℹ]  waiting for CloudFormation stack "eksctl-eks-workshop-nodegroup-default"
2024-09-05 00:02:04 [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
2024-09-05 00:02:04 [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=us-west-2 --name=eks-workshop'
2024-09-05 00:02:04 [✖]  waiter state transitioned to Failure
Error: failed to create cluster "eks-workshop"

Here is more detailed message from CloudFormation stack:

1 validation error detected: Value 'You are not authorized to launch instances with this launch template. Encoded authorization failure message: Mns_CHts8-oKDJYxPsQV0zIOqUexStJwFpN8qSzB4KhVAxBK94VrSYQdvr0avnDq95cZRJsoCo4qL-tyaHGkTdwDKMJkcN02LsODprL7oF6wX5K1zhQ3lDqWhZvrgW0cjev0q_jltg6pbufEb1iDtOUA_PphRmn5OhEzywgzGGggrbfrynQNxuc7pS0jBHkhCBKRIzyjwixVmrTX30scqpJDlpR7xBYtKwxCkVz7kw_p-gGqZCTMqZ3dvFw8iQSf8MHayxVAq-Q-s0uBv4JLRtlXFk0-FeXQAnyiNA7GlyUzzXMbku1MT2BAiL-hR-HR9DxjO93ESKHKQ7lHBr_ovGEWQqH5Cy36LyNeFkELk_NWh1SPorviIAZLbCwHMVaQXo9C83S5s7iBZTkS7wqaw3Sk-4aNmbilsjNECw_ot2sOgk58mNJhBDRiG3dSbWqOCNx0M0LE3S8a9Cl9V3vN1kIEJ_xr0kzT5t7jvPE_oj8Rh1NuRkOuN6QMfZaVkX_jc0Okwf67jLtBYByv3t70pAaCLYdckeAT6Ubqtv6mAQ3XIezfapRfVohOtqO6c0o1LmwUW_HZHwMAn8RUJaiRrbj94ZDtD0M_5EvpUKkN8MIyoma9ihuFCBewoEp1Vqg2i87E2YcdtxFDiSoC8O8e_GoEYNRYgLMKBvHgNhakJJz8zdhwsefgnCQXpEaBq7SXqaPXkMNs6V6e6LjY_6K82XGgk_LiNXS2yUgoz2-rJNxYyb6CE1Vkdd3PpNBLIjmmq4KAzYwnWiBAuF5SkgD8DfLcAMEj-P1PixkD79SRz7ICixzWB8aMf1p6NJDowN1wsMKvjF89URxExkQI7_6UKyVML2I9C-wLAf4-u8N2IROFz8Bb03gvx6szF-CYGkHDRd2I7yba7ZCmcqdCHQl40s7vyPilK9TlWR5pUtQmgx-Q_J5A0t-VBGZPMFTKl1UAtbrrcZU3o3zwBuYj1oXnMZhATw9vkZ21mfM5gv51nFo (Service: Eks, Status Code: 400, Request ID: bca2a7b8-049c-4389-a706-b6134341a9d8)' at 'statusMessage' failed to satisfy constraint: Member must have length less than or equal to 1024

This works well with m5.large instance.

Can you help?

Arun
asked 11 days ago29 views
3 Answers
0

Hello.

You can find out more details by checking the error message encoded with the AWS CLI command below.
Try using CloudShell to run the AWS CLI.
https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html

aws sts decode-authorization-message --encoded-message adZqtGJ8reVjCL6OQaVlbO2u7CnlAwNN2roYFHEsuasFxfSjf6WRZkzZLHY7QdxuaFD0z5QRmuQBnFmSoXMooVbunJSt5it0UlrhuIGa6Jez-6WuknxrnxwQ5GVKwIIV3GfZ-6FMkixBMBGgLYizxgpFq1x-z2lPbl1QImRDyI9QDaaECOvqVvOPhr-0NkNerv5FGRSCKOTiFmw3DX3TuPdQYkA59FLrYNiyo3bINpe11ri9RQYZkxu4gev4e76b6qFyQ27zungNT8mYxNbmyWGKFh5i5jIr8m-UY2rnEAUqFe0UXG1FSc0sot_Qx1dwt-yV8wAtiN7J0KDhN67okmQ7cL0rFsNz6k4ZWwAEGXhsM3xHfAAVBgJM4uVZetT3Zf7Yq9kp4sCssdfVmpBD_r6deE_NEErhJLPOgbxhj2RXpP62Fkt4UEi7HipR2Yv_9pPrMivzS3h-ld2K8qIBNlF1o64zz6BNtsL0os190S62N9Fu8cmVbvXDbtRpiFz7v0IuBvF0X4r_fOPK4WfMwf7J7BAQqblQL6-Eos_0eiognZhseu8HHullxQoY6beXaRfsmn919Te0P9lgfYWOgEMBa_Lekc_96H_yRkszBvj2GDhL6c_aIA-QD3jzD1Qy0AlvpYDsifpK7FycHpIeuw4gF72auOAl1hYV6_vGs7ktDkz5aBNGlZRNXRE3bpeiIMlwiVhCsrQeS0IHIIkxhoDCTyvz6UN5em6rk4jKYNMxbfjwEyJdxZ1rGcRj8UNBdVEnZAT8_zmv5-Ig5A0STva5Lt2mMhn3IlQs79sYiEuo5NthgpVk9sKPXfLgBLTgIN-v--sZjSXE29WpVyOWnhTDKy806J8tAKTOp0QyIioncvYMQMEySBTEvphsQSzyRHMQnFgyP7SnpRCo3S9ULIsrYeKSz_KOyvKIUbaHmrdARr-AmsI5RLQp0LwBb2NzkICJPDWcFKhdJEzFy2riz0RdmCSeIlDPrKrCag
profile picture
EXPERT
answered 11 days ago
profile picture
EXPERT
reviewed 6 days ago
  • Judging from the error, it looks like the command is being executed from EC2. Please execute the command from CloudShell instead of EC2. When executing from EC2, please allow "sts:DecodeAuthorizationMessage" in the IAM policy of the EC2 IAM role.

0

Getting a similar error with m5.4xlarge as well

1 validation error detected: Value 'You are not authorized to launch instances with this launch template. Encoded authorization failure message: adZqtGJ8reVjCL6OQaVlbO2u7CnlAwNN2roYFHEsuasFxfSjf6WRZkzZLHY7QdxuaFD0z5QRmuQBnFmSoXMooVbunJSt5it0UlrhuIGa6Jez-6WuknxrnxwQ5GVKwIIV3GfZ-6FMkixBMBGgLYizxgpFq1x-z2lPbl1QImRDyI9QDaaECOvqVvOPhr-0NkNerv5FGRSCKOTiFmw3DX3TuPdQYkA59FLrYNiyo3bINpe11ri9RQYZkxu4gev4e76b6qFyQ27zungNT8mYxNbmyWGKFh5i5jIr8m-UY2rnEAUqFe0UXG1FSc0sot_Qx1dwt-yV8wAtiN7J0KDhN67okmQ7cL0rFsNz6k4ZWwAEGXhsM3xHfAAVBgJM4uVZetT3Zf7Yq9kp4sCssdfVmpBD_r6deE_NEErhJLPOgbxhj2RXpP62Fkt4UEi7HipR2Yv_9pPrMivzS3h-ld2K8qIBNlF1o64zz6BNtsL0os190S62N9Fu8cmVbvXDbtRpiFz7v0IuBvF0X4r_fOPK4WfMwf7J7BAQqblQL6-Eos_0eiognZhseu8HHullxQoY6beXaRfsmn919Te0P9lgfYWOgEMBa_Lekc_96H_yRkszBvj2GDhL6c_aIA-QD3jzD1Qy0AlvpYDsifpK7FycHpIeuw4gF72auOAl1hYV6_vGs7ktDkz5aBNGlZRNXRE3bpeiIMlwiVhCsrQeS0IHIIkxhoDCTyvz6UN5em6rk4jKYNMxbfjwEyJdxZ1rGcRj8UNBdVEnZAT8_zmv5-Ig5A0STva5Lt2mMhn3IlQs79sYiEuo5NthgpVk9sKPXfLgBLTgIN-v--sZjSXE29WpVyOWnhTDKy806J8tAKTOp0QyIioncvYMQMEySBTEvphsQSzyRHMQnFgyP7SnpRCo3S9ULIsrYeKSz_KOyvKIUbaHmrdARr-AmsI5RLQp0LwBb2NzkICJPDWcFKhdJEzFy2riz0RdmCSeIlDPrKrCag (Service: Eks, Status Code: 400, Request ID: aab1e1b1-bd36-4656-90df-6027bbe639b4)' at 'statusMessage' failed to satisfy constraint: Member must have length less than or equal to 1024
Arun
answered 11 days ago
0

It gives the error:

An error occurred (AccessDenied) when calling the DecodeAuthorizationMessage operation: User: arn:aws:sts::980414361681:assumed-role/eks-workshop-ide-EksWorkshopIdeRole-HGQFezMSre3E/i-0528ef3f0a7861f7c is not authorized to perform: sts:DecodeAuthorizationMessage because no identity-based policy allows the sts:DecodeAuthorizationMessage action
Arun
answered 11 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions