EKS "User Guide," "Quickstart," "Step 2: Create the cluster" permissions and timeout


Questions

  • Are the permissions needed for developers to create an EKS cluster documented somewhere?
  • Is there some step that could be performed to get the "Quickstart" cluster to be created without timing out?

Background

The EKS "User Guide," "Quickstart," "Step 2: Create the cluster" step cannot be completed as documented.

First, there is no documentation on the set of Policy permissions that need to be granted to a user for them to work with EKS. The documentation makes use of eksctl and that has documentation for "Minimum IAM policies." However, the reader must figure that out via independent research. The "User Guide" should specify how to configure an IAM Identity Center account so that it can complete the "Quickstart."

Next, assuming the eksctl documentation for IAM Policies is adequate, executing the following fails with a timeout:

eksctl create cluster -f cluster-config.yaml

...

2024-08-29 16:51:42 [✖]  exceeded max wait time for StackCreateComplete waiter
Error: failed to create cluster "web-quickstart"

My expectation was that the "Quickstart" documentation would have been exercised by at least someone else by now.


1 Answer
Accepted Answer

Hi -

Permissions for EKS Cluster Creation

The IAM Policy requirements for creating an EKS cluster are covered in the eksctl documentation, which is linked from the AWS EKS User Guide. Specifically, the eksctl installation page redirects users to the required policies through this installation guide. However, I agree that this information should be more clearly documented within the AWS EKS User Guide itself to reduce the need for external references.

Timeout Issue When Creating EKS Cluster

It is often related to a failure in one or more components within the CloudFormation stack. eksctl creates a CloudFormation stack behind the scenes, so the failure might be occurring there.

To troubleshoot this issue:

  1. Go to the CloudFormation Console and review the events for the failed stack.
  2. Look for any specific errors or components that failed during creation (e.g., VPC, IAM roles, or EC2 instances).
  3. Based on the error, you can further investigate and adjust the configuration in your YAML file or IAM policies.

Example Configurations

There are several sample eksctl configuration YAML files that you can use as a reference. You can find them here on GitHub. Modify these examples to fit your specific requirements, and then retry creating the cluster.

Additional Troubleshooting Resources

Other users have encountered similar issues when creating EKS clusters with eksctl. For example, you can refer to this discussion, which provides a deeper dive into resolving the timeout issue by reviewing the CloudFormation events and configuration files.

answered 8 months ago
EXPERT
reviewed 2 months ago
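
The event review described in the answer's troubleshooting steps can also be done on the JSON that `aws cloudformation describe-stack-events` returns. The following is an added example, not part of the original answer or of eksctl: it finds the earliest real failure in a stack's events and, when the reason is an IAM denial, extracts the action that was refused. The sample events, the stack name `eksctl-web-quickstart-cluster`, the account ID and the principal are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Constructed sample, shaped like the output of
#   aws cloudformation describe-stack-events --stack-name <stack> --output json
# The stack name, account ID, principal and messages are made up for illustration.
SAMPLE = json.loads("""
{"StackEvents": [
 {"Timestamp": "2024-08-29T16:30:12.000000+00:00", "LogicalResourceId": "eksctl-web-quickstart-cluster",
  "ResourceStatus": "ROLLBACK_IN_PROGRESS",
  "ResourceStatusReason": "The following resource(s) failed to create: [ServiceRole, VPC]."},
 {"Timestamp": "2024-08-29T16:30:11.000000+00:00", "LogicalResourceId": "VPC",
  "ResourceStatus": "CREATE_FAILED", "ResourceStatusReason": "Resource creation cancelled"},
 {"Timestamp": "2024-08-29T16:30:10.000000+00:00", "LogicalResourceId": "ServiceRole",
  "ResourceStatus": "CREATE_FAILED",
  "ResourceStatusReason": "User: arn:aws:sts::111122223333:assumed-role/dev/alice is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::111122223333:role/example"},
 {"Timestamp": "2024-08-29T16:30:05.000000+00:00", "LogicalResourceId": "ServiceRole",
  "ResourceStatus": "CREATE_IN_PROGRESS"}
]}
""")

CASCADE = "Resource creation cancelled"  # set on siblings aborted after the first failure
DENIED = re.compile(r"not authorized to perform: (\S+)")

def failed_events(events):
    """*_FAILED events, oldest first, without the cascade cancellations."""
    hits = [e for e in events
            if e["ResourceStatus"].endswith("_FAILED")
            and CASCADE not in e.get("ResourceStatusReason", "")]
    return sorted(hits, key=lambda e: datetime.fromisoformat(e["Timestamp"]))

def root_cause(events):
    """Earliest real failure, plus the denied IAM action if the reason names one."""
    hits = failed_events(events)
    if not hits:
        return None  # nothing failed: the waiter may simply have run out of time
    first = hits[0]
    reason = first.get("ResourceStatusReason", "")
    match = DENIED.search(reason)
    return {"resource": first["LogicalResourceId"], "status": first["ResourceStatus"],
            "reason": reason, "denied_action": match.group(1) if match else None}

if __name__ == "__main__":
    print(json.dumps(root_cause(SAMPLE["StackEvents"]), indent=2))
```

A non-null `denied_action` points at the IAM policy rather than the YAML file; `None` from `root_cause` means no resource reported a failure in the events supplied.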
