UnauthorizedOperation Error with Cluster Autoscaler in EC2 using VPC Endpoint


Hello AWS Support, I am encountering an authorization issue while trying to use the Cluster Autoscaler in my EC2 environment using a VPC endpoint (I’ve taken out the account id for security purposes and just labeled it <account-id>). The specific error message I received is as follows:

F0505 04:27:23.493504 1 aws_cloud_provider.go:455] Failed to create AWS Manager: unable to retrieve instance requirements from mixed instance policy, err: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::<account-id>:assumed-role/cluster-autoscaler/1714883243188836556 is not authorized to perform: ec2:DescribeLaunchTemplateVersions because no VPC endpoint policy allows the ec2:DescribeLaunchTemplateVersions action.

Here are the details of the environment and configuration:

  • Role ARN: arn:aws:sts::<account-id>:assumed-role/cluster-autoscaler/1714883243188836556
  • Current VPC Endpoint Policy:json

{ "Statement": [ { "Action": "*", "Effect": "Allow", "Principal": "*", "Resource": "arn:aws:*:*:<account-id>:*" } ], "Version": "2012-10-17" } 

This policy is intended to allow all actions on all resources within the <account-id> account.

Could you please help me understand why this error is occurring even though the policies should allow the action? Also, could you advise on what changes need to be made either to the IAM role or the VPC endpoint policy to resolve this issue?

Thank you for your assistance.

1 Answer

Unfortunately, re:Post is not manned by AWS support. It is a community forum where all answers are provided by registered members of the community like yourself. That said, some of the members are AWS employees and we try to help as best as possible.

With that said, I think you are using AutoScaler with EKS. Please see this link for the needed IAM policy: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": ["*"]
      "Effect": "Allow",
      "Action": [
      "Resource": ["*"]

Hope this helps!

profile pictureAWS
answered 11 days ago
profile picture
reviewed 10 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions