need lambda:GetAccountSettings permissions?
mozai opened this issue · 0 comments
Launched aws-service-quotas-exporter into a kubernetes pod, with a serviceAccount that has the permissions described in the readme.md, but it fails with the following error:
Could not retrieve quotas and limits: AccessDeniedException: User: arn:aws:sts::[acctnum]:assumed-role/eksctl-[clustername]-addon-iamserviceacc-Role1-KKHu7zswQa1L/1716930424430393929 is not authorized to perform: lambda:GetAccountSettings on resource: * because no identity-based policy allows the lambda:GetAccountSettings action
status code: 403
I can guess readme.md hasn't been updated since you added main/servicequotas/lambda_limits.go.
more details:
command line: aws-service-quotas-exporter --port=9090
envvars:
AWS_STS_REGIONAL_ENDPOINTS: regional
AWS_DEFAULT_REGION: us-east-1
AWS_REGION: us-east-1
AWS_ROLE_ARN: arn:aws:iam::[acctnum]:role/eksctl-[clustername]-addon-iamserviceacc-Role1-KKHu7zswQa1L
AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
permissions in eksctl-[clustername]-addon-iamserviceacc-Role1-KKHu7zswQa1L include:
{
  "Statement": [
    {
      "Action": [
        "autoscaling:DescribeAutoScalingGroups",
        "cloudwatch:Describe*",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "ec2:Describe*",
        "servicequotas:ListServiceQuotas",
        "tag:GetResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
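An offline check for the gap reported above, as an added example (not part of the original post and not the exporter's code): it evaluates the posted role policy against a list of actions and reports those with no matching Allow. The `REQUIRED` list and all function names are assumptions made for illustration; only `lambda:GetAccountSettings` and the policy itself come from the issue.

```python
import json
import re

# Role policy as posted in the issue.
ROLE_POLICY = """
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
  "Action": ["autoscaling:DescribeAutoScalingGroups", "cloudwatch:Describe*",
             "cloudwatch:Get*", "cloudwatch:List*", "ec2:Describe*",
             "servicequotas:ListServiceQuotas", "tag:GetResources"]}]}
"""

# Constructed sample: three actions the posted policy covers, plus the action
# named in the AccessDeniedException.
REQUIRED = ["autoscaling:DescribeAutoScalingGroups", "ec2:DescribeInstances",
            "servicequotas:ListServiceQuotas", "lambda:GetAccountSettings"]


def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def matches(pattern, action):
    """IAM action matching: '*' and '?' wildcards, case-insensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def missing_actions(policy_json, required):
    """Return required actions lacking an Allow, or hit by an explicit Deny.

    Only the Action element is evaluated; Resource, Condition and NotAction
    are not (assumption: statements use Resource "*", as in the issue).
    """
    statements = as_list(json.loads(policy_json).get("Statement", []))
    missing = []
    for action in required:
        effects = {s.get("Effect") for s in statements
                   for p in as_list(s.get("Action", [])) if matches(p, action)}
        if "Allow" not in effects or "Deny" in effects:
            missing.append(action)
    return missing


if __name__ == "__main__":
    for action in missing_actions(ROLE_POLICY, REQUIRED):
        print("not granted:", action)
```

Adding the single action `lambda:GetAccountSettings` to the statement, rather than `lambda:*`, closes the gap while keeping the role read-only.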