(EksBlueprint.builder): (nodeRole service principals error in China Region)
Describe the bug
Create EKS in China region (cn-northwest-1) using this code:
const blueprint = blueprints.EksBlueprint.builder()
    .addOns()
    .teams()
    .build(scope, id+'-eks-blueprints-stack');
It reports an error:
Following required service principals [ec2.amazonaws.com.cn] were not found in the trust relationships of nodeRole arn:aws-cn****
I found the nodeRole in IAM:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
Expected Behavior
create node group error
Current Behavior
4:09:59 PM | CREATE_FAILED | AWS::EKS::Nodegroup | QuickstartStack2ek...sstackngng2FD218EB
Resource handler returned message: "Following required service principals [ec2.amazonaws.com.cn] were not found in the trust relationships of nodeRole arn:aws-cn:iam::6990*****31:role/QuickstartStack2-eks-blue-QuickstartStack2eksbluep-1RF9XFQCGDOU4 (Service: Eks, Status Code: 400, Request ID: dada9c90-8b3a-4ca9-a31b-9ad6de9eb229)" (RequestToken: b9259236-dc5b-7ea3-8672-2e6fc51570fc, HandlerErrorCode: InvalidRequest)
Reproduction Steps
Operate according to document: getting-started
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.51.1 (build 3d30cdb)
EKS Blueprints Version
1.5.2
Node.js Version
v16.19.0
Environment details (OS name and version, etc.)
ubuntu
Other information
No response
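The trust-relationship check behind the error above, as an added example that is not part of the original issue or of the EKS Blueprints code base. It assumes, from the error message, that a node role in the aws-cn partition needs ec2.amazonaws.com.cn; the function names and the sample ARN are hypothetical.

```typescript
type OneOrMany = string | string[];
interface Statement {
  Effect: string;
  Principal?: { Service?: OneOrMany };
  Action: OneOrMany;
}
interface TrustPolicy { Version: string; Statement: Statement[] }

// IAM allows a single string or an array for Service and Action.
const asList = (v: OneOrMany | undefined): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Assumption taken from the error above: in the aws-cn partition EKS expects
// ec2.amazonaws.com.cn in the node role; elsewhere ec2.amazonaws.com.
function requiredPrincipals(roleArn: string): string[] {
  const partition = roleArn.split(":")[1];
  return [partition === "aws-cn" ? "ec2.amazonaws.com.cn" : "ec2.amazonaws.com"];
}

// Service principals that an Allow statement lets call sts:AssumeRole.
function trustedServices(policy: TrustPolicy): string[] {
  const found: string[] = [];
  for (const s of policy.Statement) {
    if (s.Effect !== "Allow") continue;
    if (asList(s.Action).indexOf("sts:AssumeRole") === -1) continue;
    found.push(...asList(s.Principal?.Service));
  }
  return found;
}

// Required principals that are missing from the trust relationships.
function missingPrincipals(roleArn: string, policy: TrustPolicy): string[] {
  const trusted = trustedServices(policy);
  return requiredPrincipals(roleArn).filter((p) => trusted.indexOf(p) === -1);
}

// Trust policy as posted in the issue; the ARN is a constructed placeholder.
const postedPolicy: TrustPolicy = JSON.parse(`{
  "Version": "2012-10-17",
  "Statement": [{ "Effect": "Allow",
    "Principal": { "Service": "ec2.amazonaws.com" },
    "Action": "sts:AssumeRole" }]
}`);
const sampleArn = "arn:aws-cn:iam::111122223333:role/example-node-role";

console.log(missingPrincipals(sampleArn, postedPolicy)); // [ 'ec2.amazonaws.com.cn' ]
```

Running a check like this against the synthesized template before deployment surfaces the mismatch without waiting for the node group to fail in CloudFormation.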
Thanks @tyyzqmf, we will take a look. I assume just general testing against China regions is needed.
Hi team, we have encountered this issue as well. I can confirm the principal of ec2 in China region is "ec2.amazonaws.com.cn". Please help fix this, otherwise eks blueprints is unable to work in China region.
@DawnElixir Please confirm if you still face this issue. The ticket has been open for some time.