Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Unable to create EKS cluster via AWS CLI

2

I am unable to create an EKS cluster using the AWS CLI. This is preventing me from deploying my infrastructure as code (Terraform) from GitLab CI/CD.

Command executed:

aws eks create-cluster \
  --name css-bru-test \
  --version 1.35 \
  --region us-east-1 \
  --role-arn arn:aws:iam::000000000000:role/css-bru-prod-eks-cluster-role \
  --resources-vpc-config subnetIds=subnet-00f4d29a4c28fe257,subnet-026daab78111b72a9,subnet-0832cfe0f58dd614d,subnet-0ad74c7091580c76d,securityGroupIds=sg-0476ccdb01c3bce1b \
  --output json

Actual output (only AWS CLI version information):

aws-cli/2.34.48 Python/3.14.4 Linux/6.8.0-87-generic exe/x86_64.ubuntu.22

No JSON response (neither success nor error) is returned. The command appears to be ignored – only the CLI version is printed.

Additional testing: I also tried the same command from AWS CloudShell and got a similar result:

~ $ aws eks create-cluster \
>   --name css-bru-test \
>   --version 1.35 \
>   --region us-east-1 \
>   --role-arn arn:aws:iam::000000000000:role/css-bru-prod-eks-cluster-role \
>   --resources-vpc-config subnetIds=subnet-00f4d29a4c28fe257,subnet-026daab78111b72a9,subnet-0832cfe0f58dd614d,subnet-0ad74c7091580c76d,securityGroupIds=sg-0476ccdb01c3bce1b \
>   --output json
aws-cli/2.34.45 Python/3.14.4 Linux/6.1.166-197.305.amzn2023.x86_64 exec-env/CloudShell exe/x86_64.amzn.2023

The command does not produce the expected cluster creation output. There is no error message regarding missing parameters, authentication, or permissions – the CLI simply echoes its version and exits.

The strange thing is that it works this way when I use Python:

python3 - <<EOF
import boto3
import json

client = boto3.client('eks', region_name='us-east-1')

try:
    response = client.create_cluster(
        name='css-bru-test',
        version='1.33',
        roleArn='arn:aws:iam::000000000000:role/css-bru-prod-eks-cluster-role',
        resourcesVpcConfig={
            'subnetIds': [
                'subnet-00f4d29a4c28fe257',
                'subnet-026daab78111b72a9',
                'subnet-0832cfe0f58dd614d',
                'subnet-0ad74c7091580c76d'
            ],
            'endpointPublicAccess': True,
            'endpointPrivateAccess': False
        }
    )
    print(json.dumps(response['cluster'], indent=2, default=str))
except Exception as e:
    print(f"ERROR: {e}")
EOF
Topics
Management & GovernanceContainers
Tags
Amazon EKS AnywhereAWS Command Line InterfaceAmazon EKS DistroAmazon Elastic Kubernetes ServiceAmazon EKS Auto Mode
Language
English
asked a month ago58 views
4 Answers
2
Accepted Answer

Good morning,

Thank you all very much for your responses.

I identified the problem: the GitLab.com runner didn’t have access to the EKS API in that region, which was very strange. So, to fix it, I created a runner on an EC2 instance in the same account.

Best regards,

answered a month ago
2

While the suggestions regarding trailing spaces and backslashes are decent general CLI troubleshooting steps, they miss the actual syntax and configuration errors causing this behavior. The reason the AWS CLI abruptly exits and only prints its version information is due to a fatal parsing error in your command arguments.

There are two distinct issues with your AWS CLI command that do not exist in your working Python script:

1. Broken Shorthand Syntax for Complex Object Arrays

When passing multiple key-value arrays (like combining both subnetIds and securityGroupIds) inside --resources-vpc-config, the AWS CLI parser requires explicit syntax delimiters.

  • Commas (,) are used to separate items within the same list (e.g., multiple subnets).
  • Semicolons (;) and wrapping quotes must be used to separate different keys (e.g., separating subnets from security groups).

Because your command used a comma before securityGroupIds=, the CLI incorrectly tried to parse your Security Group ID as a fifth subnet, causing the parser to fail entirely.

2. Unsupported EKS Version String

In your successful Python script, you targeted --version 1.33. However, in your CLI command, you specified --version 1.35. Amazon EKS does not support a version 1.35 yet. When the CLI encounters an invalid version token alongside unquoted or broken string parsing issues, it frequently misinterprets the input and falls back to displaying the CLI binary version string instead of throwing a structured API validation error.

Corrected CLI Command

Switch to a supported EKS version (e.g., 1.32 or 1.33 depending on your requirements) and pass the VPC configuration as a clean JSON string. This avoids brittle shell shorthand syntax parsing entirely:

aws eks create-cluster \
  --name css-bru-test \
  --version 1.32 \
  --region us-east-1 \
  --role-arn arn:aws:iam::000000000000:role/css-bru-prod-eks-cluster-role \
  --resources-vpc-config '{"subnetIds":["subnet-00f4d29a4c28fe257","subnet-026daab78111b72a9","subnet-0832cfe0f58dd614d","subnet-0ad74c7091580c76d"],"securityGroupIds":["sg-0476ccdb01c3bce1b"]}' \
  --output json
EXPERT
answered a month ago
  • Riku_Kobayashi EXPERT
    a month ago

    EKS currently supports Kubernetes 1.35. Therefore, it is possible to create a cluster even with version 1.35. (2026.05.19) https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html

    The following statement is incorrect.

    2. Unsupported EKS Version String In your successful Python script, you targeted --version 1.33. However, in your CLI command, you specified --version 1.35. Amazon EKS does not support a version 1.35 yet. When the CLI encounters an invalid version token alongside unquoted or broken string parsing issues, it frequently misinterprets the input and falls back to displaying the CLI binary version string instead of throwing a structured API validation error.

0

Hello.

I was checking the syntax of the AWS CLI's "create-cluster" command, and I noticed that the "--kubernetes-version" option is used to specify the Kubernetes version.
https://docs.aws.amazon.com/cli/latest/reference/eks/create-cluster.html

--kubernetes-version (string)
The desired Kubernetes version for your cluster. If you don’t specify a value here, the default version available in Amazon EKS is used.
Note The default version might not be the latest version available.

Therefore, please modify the command as follows:
I checked my AWS account and confirmed that a cluster can be created using "--kubernetes-version".

aws eks create-cluster \
  --name css-bru-test \
  --kubernetes-version 1.35 \
  --region us-east-1 \
  --role-arn arn:aws:iam::000000000000:role/css-bru-prod-eks-cluster-role \
  --resources-vpc-config subnetIds=subnet-00f4d29a4c28fe257,subnet-026daab78111b72a9,subnet-0832cfe0f58dd614d,subnet-0ad74c7091580c76d,securityGroupIds=sg-0476ccdb01c3bce1b \
  --output json

Incidentally, please note that the "--version" option in the AWS CLI is an option to display the AWS CLI version.
https://docs.aws.amazon.com/cli/latest/reference/eks/create-cluster.html#:~:text=config/env%20settings.-,%2D%2Dversion,-(string)

--version (string)
Display the version of this tool.

EXPERT
answered a month ago
-1

The behavior you're experiencing appears to be related to how the AWS CLI is interpreting your command rather than an authentication or permissions issue. Since the Python boto3 code works successfully, this confirms that your IAM credentials and the cluster configuration itself are valid.

The issue is likely caused by the --output json parameter placement or how the CLI is parsing your multi-line command. When you see only the CLI version being printed, it often indicates that the CLI is interpreting your command as a request for version information rather than executing the actual create-cluster command.

Here are some troubleshooting steps:

  1. Try removing the --output json flag or place it immediately after the aws eks create-cluster command before other parameters.

  2. Ensure proper line continuation: When using backslashes for multi-line commands, make sure there are no trailing spaces after the backslashes, as this can cause the command to be interpreted incorrectly.

  3. Try running the command as a single line to eliminate any line continuation issues:

aws eks create-cluster --name css-bru-test --version 1.35 --region us-east-1 --role-arn arn:aws:iam::000000000000:role/css-bru-prod-eks-cluster-role --resources-vpc-config subnetIds=subnet-00f4d29a4c28fe257,subnet-026daab78111b72a9,subnet-0832cfe0f58dd614d,subnet-0ad74c7091580c76d,securityGroupIds=sg-0476ccdb01c3bce1b
  1. Verify your AWS CLI configuration by running:
aws sts get-caller-identity

This will confirm your credentials are properly configured.

Since your Python script works, you can also consider using the AWS CLI with the --debug flag to see detailed information about what's happening during command execution, which may reveal parsing or interpretation issues.
Sources
Troubleshot IAM role issues in Amazon EKS | AWS re:Post

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content