By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Unsupported Host for AWS CLI and Boto3 inside an EKS cluster

0

I have an EKS cluster hosted in eu-west-3. This cluster has the Amazon EKS Pod Identity Agent plug-in installed, and a Pod Identity association created with a role that gives access to, between other things, Secrets Manager.

I have launched a pod in the cluster that runs sleep infinity for debugging and when trying to run kubectl exec -it POD_NAME -- aws sts get-caller-identity I get the following error:

Unsupported host '169.254.170.23'.  Can only retrieve metadata from these hosts: 169.254.170.2, localhost, 127.0.0.1

From what I know, the instance metadata is supposed to be 169.254.169.254 for EC2 instances and 169.254.170.2 for ECS, but here it's trying to connect to 169.254.170.23 which is the EKS Pod Identity Agent.

What am I doing wrong ? Have I misconfigured something ? Why is my pod unable to get its identity and access the metadata service ?

Topics
Containers
Tags
Amazon Elastic Kubernetes ServiceAmazon Elastic Container ServiceContainers
Language
English
Seluj78
asked 15 days ago302 views
1 Answer
2
Accepted Answer

I have managed to get it working using a different service account than the default one, by following this link

This one isn't clear enough in my opinion and it didn't work when I used the default service account in the default namespace. Maybe it would work with a different service account ?

Seluj78
answered 15 days ago
profile picture
EXPERT
Oleksii Bebych
reviewed 14 days ago
profile picture
EXPERT
Adeleke Adebowale J
reviewed 15 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content