docs
docs copied to clipboard
cloudposse
Assume Role Forbidden by Namespace Policy Expression
what
{"addr":"100.98.35.137:54990","level":"error","method":"GET","msg":"error processing request: assume role forbidden: namespace policy expression '(empty)' forbids role 'cpco-testing-external-dns'","path":"/latest/meta-data/iam/security-credentials/cpco-testing-external-dns","status":403,"time":"2018-07-25T02:39:17Z"}
why
This is easily fixed by running...
kubectl annotate --overwrite namespace kube-system "iam.amazonaws.com/permitted=.*"
Replace namespace and roles as necessary.
