Problem scenario
In the AWS Management Console, you cannot add a Node to an EKS cluster. The "Node IAM Role" never has any option. You click the "refresh" arrow, but all you see is "No roles found. Follow the link above to create a new role." What should you do?
Solution
1. Install and configure the AWS CLI. If you need assistance with this, see this posting.
2.a. Create Test-Role-Trust-Policy.json like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
2.b. Create special.json like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "iam:AmazonEKSClusterPolicy",
        "iam:AmazonEKSWorkerNodePolicy",
        "iam:AmazonEC2ContainerRegistryReadOnly"
      ],
      "Resource": "arn:aws:iam::1234567891011:role/contintdelete-role"
    }
  ]
}
3. Run commands like these (but replace "contintdelete-role" with the role name of your choice, and "DELETEPOLICY" with the policy name of your choice):
aws iam create-role --role-name contintdelete-role --assume-role-policy-document file://Test-Role-Trust-Policy.json
aws iam put-role-policy --role-name contintdelete-role --policy-name DELETEPOLICY --policy-document file://special.json
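The names listed under "Action" in special.json are names of AWS managed policies rather than IAM actions, and a managed policy is granted to a role by attaching it by ARN. The script below is an added example, not part of the original post: it attaches the node-related managed policies to the role from step 3 and reports any that are still missing. Assumptions: the AWS CLI from step 1 is configured, the function names are hypothetical, AmazonEKS_CNI_Policy is included on the assumption that the VPC CNI plugin uses the node role, and AmazonEKSClusterPolicy is left out because it is intended for the cluster role, not the node role.

```shell
#!/bin/sh
# Added example (not from the original post): attach AWS managed policies
# to an EKS node role by ARN and verify the result.

# Managed policies expected on a node role. The first and third names come
# from special.json above; AmazonEKS_CNI_Policy is an assumption (needed when
# the VPC CNI plugin runs with the node role's permissions).
NODE_POLICIES="AmazonEKSWorkerNodePolicy AmazonEKS_CNI_Policy AmazonEC2ContainerRegistryReadOnly"

# attach_node_policies ROLE_NAME
# Attaches each managed policy; stops at the first failure.
attach_node_policies() {
    role="$1"
    for p in $NODE_POLICIES; do
        aws iam attach-role-policy --role-name "$role" \
            --policy-arn "arn:aws:iam::aws:policy/$p" || return 1
    done
}

# missing_node_policies ROLE_NAME
# Prints the expected policies that are NOT attached (empty output = all present).
missing_node_policies() {
    role="$1"
    # --output text returns the policy names separated by tabs.
    attached=$(aws iam list-attached-role-policies --role-name "$role" \
        --query 'AttachedPolicies[].PolicyName' --output text) || return 2
    missing=""
    for p in $NODE_POLICIES; do
        # Unquoted $attached is word-split, turning tabs into single spaces.
        case " $(echo $attached) " in
            *" $p "*) ;;
            *) missing="$missing $p" ;;
        esac
    done
    echo "${missing# }"
}

# Usage, with the role name from step 3:
#   attach_node_policies contintdelete-role
#   missing_node_policies contintdelete-role
```

Empty output from missing_node_policies means every expected managed policy is attached to the role.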