How Do You Troubleshoot “error occurred (AccessDeniedException) when calling the CreateCluster operation: User: … is not authorized to perform: iam:PassRole on resource:…”?

Problem scenario
You run this command:

aws eks create-cluster --name contint --role-arn arn:aws:iam::12345678910:role/contintrole --resources-vpc-config subnetIds=subnet-a123456,subnet-b77777777,securityGroupIds=sg-2e324234254

You get this error:

An error occurred (AccessDeniedException) when calling the CreateCluster operation: User: arn:aws:iam::12345678910:user/contintuser is not authorized to perform: iam:PassRole on resource: arn:aws:iam::12345678910:role/contintrole

What should you do?

Solution
1. Log in to the AWS Console.
2. Go to IAM -> Users.
3. Click on the user named in the error message.
4. Click on "Add Inline Policy".
5. Add this policy, replacing the role ARN in "Resource" with the role named in your error message:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:PassRole"
            ],
            "Resource": "arn:aws:iam::12345678910:role/contintrole"
        }
    ]
}

6. Click "Review Policy"
7. Enter a name
8. Click "Save policy". Wait 10 minutes for the changes to take effect.
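
As an added example (not part of the original post), this Python code derives the same inline policy from the error text and flags any policy that grants iam:PassRole on a wildcard resource. The function names and the optional iam:PassedToService value are assumptions introduced here.

```python
import fnmatch
import json
import re

# Constructed sample: the denial text from this page's problem scenario.
SAMPLE = ("An error occurred (AccessDeniedException) when calling the CreateCluster "
          "operation: User: arn:aws:iam::12345678910:user/contintuser is not authorized "
          "to perform: iam:PassRole on resource: arn:aws:iam::12345678910:role/contintrole")

DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>arn:aws:iam::\d+:role/[\w+=,.@/-]+)")

def parse_denial(message):
    """Extract principal, action and resource from the AccessDenied text."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an IAM role denial message")
    return m.groupdict()

def scoped_policy(denial, service=None):
    """Inline policy for exactly the denied role (hypothetical helper)."""
    if denial["action"] != "iam:PassRole":
        raise ValueError("this helper only handles iam:PassRole denials")
    role = denial["resource"]
    pass_stmt = {"Effect": "Allow", "Action": "iam:PassRole", "Resource": role}
    if service:
        pass_stmt["Condition"] = {"StringEquals": {"iam:PassedToService": service}}
    # GetRole gets its own statement so the condition applies to PassRole only.
    get_stmt = {"Effect": "Allow", "Action": "iam:GetRole", "Resource": role}
    return {"Version": "2012-10-17", "Statement": [get_stmt, pass_stmt]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def broad_passrole(policy):
    """Return Allow statements that grant iam:PassRole on a wildcard resource."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        grants = any(fnmatch.fnmatchcase("iam:passrole", a) for a in actions)
        wild = any("*" in r for r in as_list(stmt.get("Resource", [])))
        if stmt.get("Effect") == "Allow" and grants and wild:
            findings.append(stmt)
    return findings

if __name__ == "__main__":
    # "eks.amazonaws.com" is an assumed service principal, not from the page.
    policy = scoped_policy(parse_denial(SAMPLE), service="eks.amazonaws.com")
    print(json.dumps(policy, indent=4))
```

Run `broad_passrole` over a user's existing inline policies before adding a new one; a non-empty result means iam:PassRole is already granted more widely than the single role this fix needs.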
