1 個回答
- 最新
- 最多得票
- 最多評論
0
According to the documentation for Amazon EKS connector IAM role, you will need to create an inline policy and the trust-relationship for the AmazonEKSConnectorAgentRole
as shown below.
Please verify if your AmazonEKSConnectorAgentRole
is configured as shown below.
IAM Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SsmControlChannel",
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel"
],
"Resource": "arn:aws:eks:*:*:cluster/*"
},
{
"Sid": "ssmDataplaneOperations",
"Effect": "Allow",
"Action": [
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenDataChannel",
"ssmmessages:OpenControlChannel"
],
"Resource": "*"
}
]
}
Trust Relationship:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSMAccess",
"Effect": "Allow",
"Principal": {
"Service": [
"ssm.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
I have followed the documentation for Amazon EKS connector IAM role and I was able to register the cluster.
You can also create an issue in the AWS containers-roadmap project using this link - https://github.com/aws/containers-roadmap/issues/new/choose
相關內容
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
Thanks for your reply. The connector role and trust relationship were already created.
Should there be any error generated when the cluster cannot be registered? It seems odd that the register button just does nothing.