zero-to-jupyterhub-k8s
zero-to-jupyterhub-k8s copied to clipboard
jupyterhub
AWS EKS instructions outdated: creation of role with certain policies can't be done
Bug description
In https://zero-to-jupyterhub.readthedocs.io/en/latest/kubernetes/amazon/step-zero-aws-eks.html#procedure it says create a role with the following policies:
- AmazonEKSClusterPolicy
- AmazonEKSServicePolicy
- AmazonEC2ContainerRegistryReadOnly
Expected behaviour
Choose these policies in the console
Actual behaviour
Couldn't find these policies via console clicking. e.g. AmazonEC2ContainerRegistryReadOnly
How to reproduce
In AWS console:
IAM -> Roles -> Create role -> EKS - Cluster
This only shows AmazonEKSClusterPolicy
Suggestions
per https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html AmazonEKSServicePolicy may not be needed anymore.
Could add a note that these policies are required to be created outside of the console? i.e. i'm not sure how to create AmazonEKSClusterPolicy and AmazonEC2ContainerRegistryReadOnly at the same time
Edit: The steps that I outlined below will not work. Instead it appears that we need to select EKS - Cluster from the "Use cases" (IAM -> Roles -> Create role -> EKS - Cluster).
@raybellwaves @consideRatio I was having the same issue but I noticed that if I selected EC2 (instead of EKS) for the "Use case" (IAM -> Roles -> Create role -> EC2), I was presented with a much more extensive list of policies that I can attach to this role. From this list I was able to select all three of the policies outlined in the docs (AmazonEKSClusterPolicy, AmazonEKSServicePolicy, AmazonEC2ContainerRegistryReadOnly).
Perhaps this is simply a matter of updating the ZTJH docs. I'll submit a PR for this minor fix by the end of the week :)
~~Screenshots:~~ removed based on new findings
