Simply following another exercise, where due to the age of the presentation the materials are out of date. During cluster creation I get the following error:
You are not allowed to pass the role arn:aws:iam::...:role/eksctl-corp-eks-cluster-cluster-ServiceRole-AHXkuur5AWUm (Service: Eks, Status Code: 400, Request ID: ...)" (RequestToken: ..., HandlerErrorCode: InvalidRequest
After much search and many hours on AWS service, costing me pretty pennies, I can only find a similar "solution" at: https://repost.aws/questions/QUoj76LPndQdi8LAKQV37BMw/couldn-t-able-to-create-eks-cluster-due-to-the-following-error-you-are-not-allowed-to-pass-the-role-arn-aws-iam-401231317770-role-eksclusterrole.
However, trying to follow the above solution I can not create a proper user.
The manifest file for creating the cluster:
<p>
$ cat corp-eks-cluster.yaml
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: corp-eks-cluster
region: us-west-2
version: "1.27"
managedNodeGroups:
- name: nodegroup
desiredCapacity: 3
instanceType: t3.small
cloudWatch:
clusterLogging:
enableTypes:
- "controllerManager"
iam:
withOIDC: true
serviceAccounts:
- metadata:
name: dynamodb-read-only
attachPolicyARNs:
- "arn:aws:iam::...:policy/eks-directory-service"
</p>