Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Problem: Cannot execute kubectl get <something> Error:

error: the server doesn't have a resource type "something"
OR
Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
OR
could not get token: AccessDenied: Access denied status code: 403

Solution: When you create the cluster you were using eksworkshop-admin role.

Edit trust relationship of eksworkshop-admin role, and add something like "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/<USERNAME>" in the Principal

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com",
        "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/admin"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
$ aws sts assume-role --role-arn  arn:aws:iam::XXXXXXXXXXXX:role/eksworkshop-admin --role-session-name test

{
    "AssumedRoleUser": {
        "AssumedRoleId": "XXXXXXXXXXXX:test",
        "Arn": "arn:aws:sts::XXXXXXXXXXXX:assumed-role/eksworkshop-admin/test"
    },
    "Credentials": {
        "SecretAccessKey": "4kS0Yn7/e77Mv1lvJDvJYMPXjIyILFhQm1qC6Hx5",
        "SessionToken": "FQoGZXIvYXdzEBgaDMPJZu+rSo2iwPcbbSLoAbhpXvv3bWLlUcA+rydR0UDXvoQWxCHXY4tKidh+6UQ2KfFn/TU3nMfT84bPrnwTuMqCB/VUl8r319r9sA152KeR6igLkpj7Gkl5AXhvbceCoMy+9E3gSlgyyvbsNquZkVmnOb7cTJOTxChsl3y3ATvES87GAa8k4rSMcBJPawcvoLu8dDFrHL4KQzxINJHB3iaiHamMB48lB8e9O4QANj8qfnD2U9jcLhG8DYqPEi+gfA9LK9kNQlw0dyOX2MoM5Joy4sXzY9B+4ZJsEHeAxCNfavO7Y+TA45ONiSv/qKw9LcSP/qZHrGwo6PK75gU=",
        "Expiration": "2019-05-05T15:55:36Z",
        "AccessKeyId": "ASIA2HBXB5ZZONJQUD6Y"
    }
}
You can’t perform that action at this time.