antonputra/tutorials

Tut 130: Is there an alternative to use aws_iam_openid_connect_provider?

markusgerman opened this issue · 1 comment

I have the following error because my policies do not allow me to use OpenIDConnectProvider.
Is there an alternative?

Error: creating IAM OIDC Provider: AccessDenied: User: arn:aws:sts::XXXXXX:assumed-role/AWSReservedSSO_PowerUserAccess_7cXXXX0/xxxx@XXX.com is not authorized to perform: iam:CreateOpenIDConnectProvider on resource: arn:aws:iam::XXXXXXXX:oidc-provider/oidc.eks.eu-central-1.amazonaws.com/id/XXXXX because no identity-based policy allows the iam:CreateOpenIDConnectProvider action
│ status code: 403, request id: XXXXX

│ with aws_iam_openid_connect_provider.eks,
│ on 8-iam-oidc.tf line 5, in resource "aws_iam_openid_connect_provider" "eks":
│ 5: resource "aws_iam_openid_connect_provider" "eks" {

Sorry for the late reply. Yes, you can attach IAM policies directly to the nodes instead of using an OpenID Connect provider.
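The alternative from the reply, as an added Terraform example that is not code from the antonputra/tutorials repo: the workload policy is attached to the node group's IAM role, so the plan needs iam:CreateRole, iam:CreatePolicy and iam:AttachRolePolicy but not iam:CreateOpenIDConnectProvider. Role, policy and bucket names are placeholders. The trade-off to keep in mind is that every pod scheduled on the node shares this role, so the policy should stay as narrow as the workload allows.

```hcl
# Placeholder names: the "demo-*" role/policy names and the bucket are assumed.
resource "aws_iam_role" "nodes" {
  name = "demo-eks-nodes"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

# Managed policies every EKS worker node needs regardless of workload.
resource "aws_iam_role_policy_attachment" "nodes_required" {
  for_each = toset([
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
  ])
  role       = aws_iam_role.nodes.name
  policy_arn = each.value
}

# Application permissions. Keep this narrow: without IRSA there is no
# per-service-account boundary, and every pod on the node can obtain these
# credentials from the instance metadata service.
resource "aws_iam_policy" "app_s3_read" {
  name = "demo-app-s3-read"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = ["arn:aws:s3:::demo-app-bucket", "arn:aws:s3:::demo-app-bucket/*"]
    }]
  })
}

resource "aws_iam_role_policy_attachment" "app_s3_read" {
  role       = aws_iam_role.nodes.name
  policy_arn = aws_iam_policy.app_s3_read.arn
}

# Wire the role into the node group (resource otherwise unchanged):
#   resource "aws_eks_node_group" "general" {
#     node_role_arn = aws_iam_role.nodes.arn
#     depends_on    = [aws_iam_role_policy_attachment.nodes_required]
#     ...
#   }
```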