aws-minikube icon indicating copy to clipboard operation
aws-minikube copied to clipboard

Published 20 hours ago verified publisher icon scholzj

not authorized to perform: iam:CreateServiceLinkedRole

Open joshuarestivo opened this issue 1 year ago • 0 comments

I was receiving the following error within the kubernetes service when it was attempting to deploy an ELB from a kubernetes_ingress_v1 resource.

Warning SyncLoadBalancerFailed 2m49s service-controller Error syncing load balancer: failed to ensure load balancer: AccessDenied: User: arn:aws:sts::XXXXXXXXXXXXX:assumed-role/my-minikube/i-0a921073fe8c4d39f is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::XXXXXXXXXXXXX:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing because no identity-based policy allows the iam:CreateServiceLinkedRole action

Manually creating the following policy and attaching it to the role created by aws-minikube resolved the issue:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
                }
            }
        }
    ]
}

joshuarestivo avatar Sep 08 '23 14:09 joshuarestivo