kubernetes-sigs/aws-iam-authenticator

SessionName did not contain an instance id

haarchri opened this issue · 0 comments

We are running a central eks-cluster with crossplane provider-aws enabled in Account A (with IRSA) and will deploy an eks-cluster in Account B. We are using assumeRoleArn: https://github.com/crossplane/provider-aws/blob/master/pkg/clients/aws.go#L319-L323

Provisioning in Account B is working, but creating a working kubeconfig is not working. Every time we get Unauthorized, we can see the following issue in the authenticator CloudWatch log:

time="2022-01-07T18:47:39Z" level=warning msg="access denied" arn="arn:aws:iam::REDACTED:role/crossplane-test" client="127.0.0.1:57752" error="failed mapping username: SessionName did not contain an instance id" method=POST path=/authenticate sts=sts.ap-northeast-1.amazonaws.com

Any idea what the problem is?