1 Answer
- Newest
- Most votes
- Most comments
0
According to the documentation for Amazon EKS connector IAM role, you will need to create an inline policy and the trust-relationship for the AmazonEKSConnectorAgentRole
as shown below.
Please verify if your AmazonEKSConnectorAgentRole
is configured as shown below.
IAM Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SsmControlChannel",
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel"
],
"Resource": "arn:aws:eks:*:*:cluster/*"
},
{
"Sid": "ssmDataplaneOperations",
"Effect": "Allow",
"Action": [
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenDataChannel",
"ssmmessages:OpenControlChannel"
],
"Resource": "*"
}
]
}
Trust Relationship:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSMAccess",
"Effect": "Allow",
"Principal": {
"Service": [
"ssm.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
I have followed the documentation for Amazon EKS connector IAM role and I was able to register the cluster.
You can also create an issue in the AWS containers-roadmap project using this link - https://github.com/aws/containers-roadmap/issues/new/choose
Relevant content
- asked 2 years ago
- asked a month ago
- asked 2 years ago
- AWS OFFICIALUpdated 5 days ago
- AWS OFFICIALUpdated 23 days ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Thanks for your reply. The connector role and trust relationship were already created.
Should there be any error generated when the cluster cannot be registered? It seems odd that the register button just does nothing.