aws/eks-distro

AWS::EKS::AccessEntry/AccessEntry: CREATE_FAILED ( eksctl create cluster )

luke2261git opened this issue · 1 comments

Creating a new cluster using 'eksctl' failed with the following error:

AWS::EKS::AccessEntry/AccessEntry: CREATE_FAILED

2024-02-22 06:11:20 [✖]  unexpected status "ROLLBACK_COMPLETE" while waiting for CloudFormation stack "eksctl-ime-eks-accessentry-ZI7PU3RUI7Z6B6KEXJPZEMQGLVXZBMH3"
2024-02-22 06:11:20 [ℹ]  fetching stack events in attempt to troubleshoot the root cause of the failure
2024-02-22 06:11:20 [✖]  AWS::EKS::AccessEntry/AccessEntry: CREATE_FAILED – "Resource handler returned message: \"The specified access entry resource is already in use on this cluster. (Service: Eks, Status Code: 409, Request ID: db17d466-dca2-4403-97e8-99bf5c3ca227)\" (RequestToken: 742fa327-f30f-677c-09bd-cf569a2cfeb8, HandlerErrorCode: AlreadyExists)"
2024-02-22 06:11:20 [!]  1 error(s) occurred and cluster hasn't been created properly, you may wish to check CloudFormation console
2024-02-22 06:11:20 [ℹ]  to cleanup resources, run 'eksctl delete cluster --region=us-east-1 --name

This should have been a non-fatal error.

To recreate the issue, simply add an access policy that is already applied to the account, for example:

      accessPolicies: # optional access policies
        - policyARN: arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy
          accessScope:
            type: cluster

Also, note that a reference to an existing accessEntries is fatal as well.

  accessEntries:
  - principalARN: arn:aws:iam::111122223333:user/my-user-name
    type: STANDARD # optional Type

aws --version aws-cli/2.15.22 Python/3.11.6 Linux/6.2.9-300.fc38.x86_64 exe/x86_64.fedora.39 prompt/off
eksctl version 0.171.0

eksctl is for use with Amazon EKS (managed EKS) and not EKS Distro, which is a self-managed version of Kubernetes.