Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[aws-eks] missing IAM permissions when creating EKS cluster resource #7163

Closed
jameszh opened this issue Apr 3, 2020 · 1 comment · Fixed by #7302
Closed

[aws-eks] missing IAM permissions when creating EKS cluster resource #7163

jameszh opened this issue Apr 3, 2020 · 1 comment · Fixed by #7302
Assignees
@eladb @iliapolo
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. p1

Comments

@jameszh
Copy link

jameszh commented Apr 3, 2020

If you have created tags using core.Tag.add, and then do eks_cluster.add_fargate_profile(...), the creation of fargate profile will fail, as it will complain it doesn't have eks:TagResource (eks:UntagResource).

But if you remove the core.Tag.add statements, eks_cluster.add_fargate_profile will succeed.

Reproduction Steps

Add some tags using core.Tag.add, and try to add_fargate_profile.

I think eks:TagResource and eks:UntagResource need to be added in https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-eks/lib/cluster-resource.ts

Error Log

Environment

  • **CLI Version : 1.31.0
  • **Framework Version: 1.31.0
  • OS :
  • Language :

Other

This is 🐛 Bug Report
@jameszh jameszh added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 3, 2020
@SomayaB SomayaB added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Apr 3, 2020
@eladb
Copy link
Contributor

eladb commented Apr 5, 2020

Thanks for the bug report. Should be fairly easy to fix if you are interested in contributing.

@eladb eladb added the p1 label Apr 5, 2020
shivlaks added a commit that referenced this issue Apr 10, 2020
@shivlaks
fix(eks): missing permissions to add and remove tags when creating EK…
d150826 
…S cluster resource

Added missing permissions for `eks:TagResource` and `eks:UntagResource`.
Updated unit and integ test expectations to include the added permissions.

Closes #7163
@shivlaks shivlaks mentioned this issue Apr 10, 2020
Merged
@mergify mergify bot closed this as completed in #7302 Apr 10, 2020
mergify bot pushed a commit that referenced this issue Apr 10, 2020
@shivlaks
fix(eks): missing permissions to add and remove tags when creating EK…
b14172d 
…S cluster resource (#7302)

Added missing permissions for `eks:TagResource` and `eks:UntagResource`.
Updated unit and integ test expectations to include the added permissions.

Closes #7163
@iliapolo iliapolo changed the title missing IAM permissions when creating EKS cluster resource [aws-eks] missing IAM permissions when creating EKS cluster resource Aug 16, 2020
@iliapolo iliapolo removed the needs-triage This issue or PR still needs to be triaged. label Aug 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eladb eladb

@iliapolo iliapolo

Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(eks): missing permissions to add and remove tags for clusters aws/aws-cdk
4 participants
@eladb @iliapolo @jameszh @SomayaB