WebIdentityErr during ALB deployment on EKS cluster


I have deployed the AWS ALB controller on my EKS cluster rel 1.30 by proceeding as mentioned in this documentation: https://docs.aws.amazon.com/eks/latest/userguide/lbc-helm.html. But when I want to create an ingress with the internet-facing annotation, the ALB is not created and I have this message in my ingress resource on EKS: "Failed build model due to WebIdentityErr: failed to retrieve credentials caused by: RequestError: send request failed caused by: Post "https://sts.eu-west-1.amazonaws.com/": dial tcp: lookup sts.eu-west-1.amazonaws.com: i/o timeout". I have also checked all the steps from this post https://repost.aws/knowledge-center/eks-load-balancer-webidentityerr and everything seems to be ok. Rgds.

1 Answer
Accepted Answer

The Ingress Controller needs to assume a role in order to obtain the permissions required to create the ALB.

For it to be able to assume the role, it needs network connectivity to the STS service, which seems to be missing according to the error you shared.

Your EKS worker nodes are probably deployed to a private subnet without outside connectivity.

You have 2 options to solve it:

  1. Create a NAT gateway in a public subnet and add a route in your private subnet to reach 0.0.0.0/0 via the NAT gateway.
  2. Add a VPC endpoint to the STS service (see here)

AWS EXPERT, answered 10 months ago
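
A triage sketch for the failure discussed above, added as an example and not part of the original question or answer: it classifies the error text by the stage that failed and, from the address the regional STS hostname resolves to, reports which of the two options the traffic would take. The function names and the `--probe` flag are hypothetical; it assumes `getent` and `curl` exist in the pod or node image and that a VPC endpoint, if present, has private DNS enabled.

```shell
#!/bin/sh
# Added triage example; function names and the --probe flag are hypothetical.
# Assumes getent and curl exist in the pod/node image where it runs.

# Map the Go network error text from the Ingress event to the stage that failed.
classify_sts_error() {
  case "$1" in
    *"lookup "*"i/o timeout"* | *"no such host"*) echo dns ;;  # name never resolved
    *"dial tcp "*"i/o timeout"* | *"connection refused"*) echo tcp ;;  # resolved, no path
    *x509* | *"tls: "*) echo tls ;;
    *) echo unknown ;;
  esac
}

# RFC 1918 check only (secondary 100.64.0.0/10 VPC CIDRs are not covered).
is_private_ipv4() {
  IFS=. read -r o1 o2 rest <<EOF
$1
EOF
  case "$o1" in
    10) return 0 ;;
    172) [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] ;;
    192) [ "$o2" -eq 168 ] ;;
    *) return 1 ;;
  esac
}

# Private answer: an interface endpoint with private DNS is serving the name.
# Public answer: the request needs the 0.0.0.0/0 route through the NAT gateway.
route_hint() {
  if is_private_ipv4 "$1"; then echo vpc-endpoint; else echo nat-gateway; fi
}

# Live probe: resolve the regional STS name, then attempt a TCP/TLS connection.
probe_sts() {
  host="sts.$1.amazonaws.com"
  ip=$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')
  if [ -z "$ip" ]; then echo "dns: cannot resolve $host"; return 1; fi
  echo "resolved $host -> $ip (path: $(route_hint "$ip"))"
  if curl -sS -o /dev/null --connect-timeout 5 "https://$host/"; then
    echo "tcp/tls: reachable"
  else
    echo "tcp/tls: cannot connect to $host:443"; return 1
  fi
}

if [ "${1:-}" = "--probe" ]; then probe_sts "${2:?usage: --probe <region>}"; fi
```

Run it with `--probe eu-west-1` from a pod or worker node in the same subnets as the controller, so the result reflects the network path the controller actually uses.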
