Problem with IAM role

0

Greetings,

We have been trying to integrate AWS EKS with a third-party solution (Prisma Cloud Compute protection) for a long time. EKS is properly up and running; however, when we follow the integration steps at https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/install/deploy-console/console-on-kubernetes, at step 3 ($ kubectl create -f twistlock_console.yaml) we constantly get this error that we don't understand and can't solve:

  1. [ec2-user@ip-172-31-92-218 prisma_cloud]$ kubectl create -f twistlock_console.yaml
     The connection to the server localhost:8080 was refused - did you specify the right host or port?

  2. [ec2-user@ip-172-31-92-218 prisma_cloud]$ aws eks update-kubeconfig \
       --region us-east-1 \
       --name eks-cluster \
       --role-arn arn:aws:iam::269721186581:role/eks-cluster-polisa-new
     Added new context arn:aws:eks:us-east-1:269721186581:cluster/eks-cluster to /home/ec2-user/.kube/config

  3. The error we get when we repeat the command kubectl create -f twistlock_console.yaml:

     An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::269721186581:assumed-role/eks-worker-node-policy/i-03026de103a4602e7 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::269721186581:role/eks-cluster-polisa-new
     Unable to connect to the server: getting credentials: exec: executable aws failed with exit code 254
     [ec2-user@ip-172-31-92-218 prisma_cloud]$

Please help us: what should we look at to solve this problem? Thank you in advance.

1 Answer
1

Make sure that the role is allowed to be assumed by EC2 instances with a trust profile such as this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
AWS EXPERT iBehr answered a year ago
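
An added check, not part of the original thread or of any AWS tooling: it reads the caller and target out of the AccessDenied message in the question and tests whether a trust policy lists the caller's role as an AWS principal, once for a policy holding only the `ec2.amazonaws.com` service principal and once for a constructed policy that names the role. The helper names are hypothetical, and the matching is simplified (no Condition, Deny or account-level principals; the role is assumed to have no path).

```python
import re

# Error text copied from the question above.
ERROR = ("User: arn:aws:sts::269721186581:assumed-role/eks-worker-node-policy/"
         "i-03026de103a4602e7 is not authorized to perform: sts:AssumeRole on "
         "resource: arn:aws:iam::269721186581:role/eks-cluster-polisa-new")

def parse_denial(msg):
    """Return (caller ARN, target role ARN) from an sts:AssumeRole denial."""
    m = re.search(r"User: (\S+) is not authorized to perform: "
                  r"sts:AssumeRole on resource: (\S+)", msg)
    if not m:
        raise ValueError("not an sts:AssumeRole AccessDenied message")
    return m[1], m[2]

def session_to_role_arn(arn):
    """Session ARN -> IAM role ARN (a session ARN drops any role path; none assumed)."""
    m = re.fullmatch(r"arn:([\w-]+):sts::(\d{12}):assumed-role/([^/]+)/[^/]+", arn)
    return f"arn:{m[1]}:iam::{m[2]}:role/{m[3]}" if m else arn

def as_list(value):
    return value if isinstance(value, list) else [value]

def trusted_principals(policy):
    """(type, value) pairs from Allow statements that cover sts:AssumeRole."""
    found = set()
    for stmt in as_list(policy["Statement"]):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        p = stmt.get("Principal", {})
        for kind, values in ({"AWS": p} if isinstance(p, str) else p).items():
            found.update((kind, v) for v in as_list(values))
    return found

def names_caller(policy, caller_arn):
    """True if the caller's role or session is listed as an AWS principal.
    Simplified: ignores Condition, Deny and account-level principals."""
    wanted = {("AWS", session_to_role_arn(caller_arn)), ("AWS", caller_arn)}
    return bool(wanted & trusted_principals(policy))

def trust_policy(principal):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

CALLER, TARGET = parse_denial(ERROR)
SERVICE_ONLY = trust_policy({"Service": "ec2.amazonaws.com"})   # shape of the answer's policy
ROLE_NAMED = trust_policy({"AWS": session_to_role_arn(CALLER)})  # constructed for comparison
for label, pol in (("service-only", SERVICE_ONLY), ("role-named", ROLE_NAMED)):
    print(f"{label}: names {session_to_role_arn(CALLER)} -> {names_caller(pol, CALLER)}")
```

Naming the one calling role in the trust policy keeps the grant narrower than trusting the whole account.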
