AWS IAM role requirements


I’m trying to configure the deployment to use a custom service role. Looking at the docs there is no indication of what access is required by the pods or where the role should be specified in the helm chart, specifically I’m trying to deal with:

Could not create volume "pvc-f7afc20f-cb9c-4d77-84d4-4e73f6aa689f": could not create volume in EC2: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::xxxxxxxxxx:assumed-role/default_eks_role/i-xxxxxxxxxx is not authorized to perform: ec2:CreateVolume on resource: arn:aws:ec2:us-west-2:xxxxxxxxxx:volume/* because no identity-based policy allows the ec2:CreateVolume action.

Is there a set of documents I’m missing?

Hi @shirvan , welcome to our community!

If you are using Okteto on your EKS cluster, I recommend looking at our documentation. We now include a comprehensive guide on installing Okteto in an EKS cluster and the IAM roles required for volume management.

I hope this helps!

1 Like