I assume you’re trying to create an ECS cluster?
IAMFullAccess only allows you to create, delete, and manage users, groups, policies, etc., all in the realm of IAM.
Your user will need access to the service where you're trying to create said cluster.
Let me know what you're trying to create and I can help out with permissions.
The error you're encountering suggests that there's an issue with passing a role across AWS accounts, even though you're working within a single personal account. This indicates that the problem might be related to how the role is being passed or how the AWS CLI is configured, rather than the IAM permissions themselves.
Here are a few things to check and try:
- AWS CLI Configuration: Ensure that your AWS CLI is correctly configured with the right credentials for your personal account. You can verify this by running `aws configure list` to see which profile and credentials are being used.
- IAM Role ARN: Check if the role ARN you're trying to pass in your CreateCluster operation is correct and belongs to your account. The error suggests that the system thinks you're trying to pass a role from a different account.
- IAM Policy for PassRole: While you have IAMFullAccess, it's worth double-checking if there are any restrictions on the iam:PassRole action. You might want to explicitly add this permission to your policy if it's not already there.
- AWS CLI Version: Ensure you're using the latest version of the AWS CLI. Older versions might have bugs that could cause this type of error.
- Temporary Credentials: If you're using temporary credentials (e.g., from assuming a role), make sure they haven't expired.
- Clear AWS CLI Cache: Try clearing the AWS CLI cache by deleting the ~/.aws/cli/cache directory.
- Use AWS CloudShell: As an alternative to your local environment, try running the same command in AWS CloudShell to see if the issue persists.
If none of these steps resolve the issue, you may want to double-check the exact command or script you're using to create the cluster, ensuring all parameters are correct and belong to your account. If the problem continues, it might be worth contacting AWS support for further assistance, as this error doesn't seem to align with the permissions you've described.
Sources
Resolve the IAM error "not authorized to perform iam:PassRole" | AWS re:Post
Troubleshooting AWS Entity Resolution identity and access - AWS Entity Resolution
Troubleshooting AWS Parallel Computing Service identity and access - AWS PCS
The error message means that one of the IAM roles you're specifying for your cluster is not from your account. One simple possibility could be that you might have copied a CLI command or the input for one from somewhere else, perhaps a blog post, and it references a role ARN that isn't yours.
I suggest you first open the CloudTrail console. Make sure that the region selection in the upper right-hand corner of the screen matches the region where you were creating the cluster. Open the "event history" view. In the "lookup attributes" dropdown, select Event name, and in the text box next to it, enter CreateCluster and hit Enter.
This will show all API calls to CreateCluster in the selected region over the past 90 days. You'll probably only see a few for the attempts you made. Click to open the latest event. The details will be shown in JSON format. Find the property roleArn. It's typically of the form arn:aws:iam::000000000000:role/SomeRoleName. Check if the string of 12 digits (000000000000 in my example) is the ID of your AWS account. If not, then the role ARN came from somewhere outside your environment and you can't use it.
You'll need to create an appropriate role for your cluster and specify it in the roleArn parameter passed to CreateCluster. Instructions for creating the role are in this documentation article: https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html#_step_1_create_cluster_iam_role
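The check the two answers above describe (does the 12-digit account in the roleArn match the account your CLI credentials belong to?) as an added shell example; this is not code from the thread or from AWS. The function names, the sample ARNs and the account IDs are made up for illustration, and the live `aws sts` / `aws cloudtrail` commands are left as comments because they need credentials.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): verify that the cluster role ARN you
# pass to `aws eks create-cluster --role-arn ...` belongs to the account your
# CLI credentials are for. Function names are hypothetical.
set -u

# Print the 12-digit account ID embedded in an IAM role ARN.
# Returns 1 (and prints nothing) if the string is not an IAM role ARN.
arn_account_id() {
  arn="$1"
  case "$arn" in
    arn:aws:iam::[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:role/*) ;;
    *) return 1 ;;
  esac
  rest="${arn#arn:aws:iam::}"   # strip the prefix up to the account field
  printf '%s\n' "${rest%%:*}"   # everything before the next ':' is the account
}

# Return 0 when the role ARN's account equals the caller's account, 1 otherwise.
# A mismatch here is exactly the "cannot pass a role from another account"
# condition behind the iam:PassRole error discussed in the thread.
role_arn_in_account() {
  arn="$1"
  caller_account="$2"
  role_account="$(arn_account_id "$arn")" || return 1
  [ "$role_account" = "$caller_account" ]
}

# Live usage (needs credentials; not executed here):
#   CALLER=$(aws sts get-caller-identity --query Account --output text)
#   role_arn_in_account "$CLUSTER_ROLE_ARN" "$CALLER" \
#     || echo "role ARN $CLUSTER_ROLE_ARN is not from account $CALLER" >&2
#
# To pull the roleArn that was actually sent, as Gary's answer does in the
# console, from the most recent CreateCluster event in the region:
#   aws cloudtrail lookup-events --region "$AWS_REGION" \
#     --lookup-attributes AttributeKey=EventName,AttributeValue=CreateCluster \
#     --max-results 1 --query 'Events[0].CloudTrailEvent' --output text
# (the CloudTrailEvent field is a JSON string; requestParameters.roleArn is
#  the value to feed into role_arn_in_account above)

# Constructed sample values so the script does something when run directly.
if [ "${1:-}" = "--demo" ]; then
  CALLER="123456789012"
  for arn in "arn:aws:iam::123456789012:role/EKSClusterRole" \
             "arn:aws:iam::000000000000:role/SomeRoleName"; do
    if role_arn_in_account "$arn" "$CALLER"; then
      echo "ok       $arn"
    else
      echo "MISMATCH $arn (caller account $CALLER)"
    fi
  done
fi
```

Run it with `--demo` to see one matching and one mismatching ARN; in a real script, replace the constructed `CALLER` with the output of `aws sts get-caller-identity` and fail fast before calling `aws eks create-cluster`.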
Thanks Gary, actually I am trying to create a private EKS cluster. We will interact via a bastion host. It is being created through a shell script using the CLI.
There are some detailed instructions here if you have not seen them: https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html (Create cluster - AWS CLI). Note, you need a cluster role etc.
If you wish, share the CLI command here also. Thanks, Rohit