The question says it all. I can't find the EKS cluster which was created by kops in the AWS console. I can, however, interact with it as the IAM user (kops-user) which I used to launch the cluster, using kops and kubectl commands. The following policies are directly attached to kops-user:
AmazonEC2FullAccess
AmazonRoute53FullAccess
AmazonS3FullAccess
IAMFullAccess
AmazonVPCFullAccess
Here was the command I used to launch the cluster:
kops create cluster \
    --cloud aws \
    --vpc ${VPC_ID} \
    --subnets ${SUBNET1_ID},${SUBNET2_ID},${SUBNET3_ID} \
    --zones ap-southeast-1a,ap-southeast-1b,ap-southeast-1c \
    --networking calico \
    --master-size t3.medium --master-count 1 \
    --node-size t3.medium --node-count 1 \
    --dns-zone dev.mgamer.io \
    ${CLUSTER_NAME}
The Kubernetes cluster itself is working fine.
Why can't the root user see the cluster in the AWS console? How can this be fixed?
The other issue that I can't figure out is why my user, kops-user, who already has all those powerful policies attached to it, is still unable to run aws eks list-clusters.
lester:hello lester$ aws sts get-caller-identity
Account: '459567475699'
Arn: arn:aws:iam::459567475699:user/kops-user
UserId: SGLJI8490SG9D3IGLSK
lester:hello lester$ aws eks list-clusters
clusters: []
lester:hello-mgamer lester$
What other permission does it need?
I even tried adding a custom policy and attached it to the kops-user, with no luck:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": "*"
        }
    ]
}
Thanks a lot in advance.
Issue 1:
Issue 2