At first glance, this seems like a permission error. Have You checked Your IAM policies and IAM roles to see if they are set up correctly?
Is Your cluster in a US-East or US-West region, or in another region (step 1.a. and 1.b. of the provided link)?
Is the service account created correctly (step 2. of the provided link)?
Can You provide the exact helm command that You've run - without sensitive information?
Everything You provided seems correct.
If the role created - eksctl-XXXXXX-addon-iamserviceacc-Role1-XXXXXX - has AWSLoadBalancerControllerIAMPolicy attached. You can check this by running:
aws iam list-attached-role-policies --role-name eksctl-XXXXXX-addon-iamserviceacc-Role1-XXXXXX
If it is attached, and I believe it is, try the steps mentioned in the comment above by Ahmad Ul Islam.
Yes, it is already attached...
{
  "AttachedPolicies": [
    {
      "PolicyName": "AWSLoadBalancerControllerIAMPolicy",
      "PolicyArn": "arn:aws:iam::XXXXXX:policy/AWSLoadBalancerControllerIAMPolicy"
    }
  ]
}
ㅠㅠ... it's difficult .. Thank you for replying!
The error message "UnauthorizedOperation: You are not authorized to perform this operation. status code: 403" typically indicates that the AWS Load Balancer Controller does not have the necessary permissions to create or modify resources in your AWS account.
Here are a few things you can check to troubleshoot the issue:
Verify that the AWS credentials you are using to authenticate the Load Balancer Controller have the necessary permissions to create and modify resources in your AWS account.
Ensure that the IAM role associated with the Load Balancer Controller has the necessary permissions to create and modify resources in your AWS account.
Make sure that the Load Balancer Controller has the necessary permissions to access the resources specified in the Ingress resource.
If you are using an IAM Role for Service Accounts (IRSA) for authentication, check if the role is correctly associated with the Load Balancer Controller.
Verify that you are running the Load Balancer Controller in the same AWS account and region as the resources it is trying to access.
Check the AWS Load Balancer Controller log for more information about the error.
If you are still having issues after going through these steps, you might want to refer to the AWS Load Balancer Controller documentation or AWS Support for further assistance.
I solved it!!!!!!
https://docs.aws.amazon.com/ko_kr/eks/latest/userguide/aws-load-balancer-controller.html => v2.4.4
I changed to v2.2.0 (curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.2.0/docs/install/iam_policy.json)
It works!!!!!!
But I can't understand why the official website version is not available...
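Added example, not part of the original thread: since the fix here was swapping one release's iam_policy.json for another, this sketch lists the actions one policy document allows that another does not, which is the first thing to compare when the controller returns a 403. The function names and both sample documents are constructed for illustration and are not the real contents of either release's policy; Resource, Condition and Deny statements are ignored.

```python
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM allows a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Return the Action patterns found in Allow statements of a policy document."""
    actions = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action", [])))
    return actions


def missing_actions(attached, reference):
    """Actions the reference policy allows that the attached policy does not cover.

    IAM action names are case-insensitive and may contain '*' wildcards,
    so each reference action is matched against the attached patterns.
    """
    have = [p.lower() for p in allowed_actions(attached)]
    return sorted(
        action for action in allowed_actions(reference)
        if not any(fnmatchcase(action.lower(), p) for p in have)
    )


# CONSTRUCTED sample documents (placeholders for the policy attached to the
# role and for the iam_policy.json downloaded for the installed release).
ATTACHED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "elasticloadbalancing:CreateLoadBalancer"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": "elasticloadbalancing:AddTags"},
]}
REFERENCE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeSubnets", "ec2:CreateSecurityGroup",
               "elasticloadbalancing:CreateLoadBalancer",
               "elasticloadbalancing:AddTags",
               "elasticloadbalancing:CreateTargetGroup"]}}

if __name__ == "__main__":
    for action in missing_actions(ATTACHED, REFERENCE):
        print("not allowed by attached policy:", action)
```

To use it on real data, load the attached policy document and the downloaded iam_policy.json with json.load and pass them in place of the samples.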
[Region] ap-northeast-2
1.a => curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json
1.b => aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy.json
[Policy] AWSLoadBalancerControllerIAMPolicy => https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json
Node Group Role, Cluster Role => EC2 Full, IAM Full, CloudFormation Full, ElasticLoadBalancing Full, EKS Full ..
[Service Account]
Name: aws-load-balancer-controller
Namespace: XXXXXX
Labels: app.kubernetes.io/managed-by=eksctl
Annotations: eks.amazonaws.com/role-arn: arn:aws:iam::XXXXXX:role/eksctl-XXXXXX-addon-iamserviceacc-Role1-XXXXXX
Image pull secrets: <none>
Mountable secrets: <none>
Tokens: <none>
Events: <none>
[Helm]
$ helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n XXXXXX \
  --set clusterName=XXXXXX \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set image.repository=602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller
Thank You