How Do You Troubleshoot the kubectl Error “Access denied status code: 403”

Problem scenario
You run a kubectl command but you get this error:

"could not get token: AccessDenied: Access denied
        status code: 403, request id:
Unable to connect to the server: getting credentials: exec: exit status 1"

What should you do?

The root cause is likely that your .kube directory has an incorrect configuration file. 

Possible Solution #1
If you are not using Amazon EKS, see this posting.

Possible Solution #2
Alternatively you may want to run these commands to see what you get:

kubectl config view
aws-iam-authenticator token -i foobar # but replace "foobar" with the name of your cluster
aws sts get-caller-identity 

You may want to back up your config-foobar file in your .kube directory.   This way you can experiment with different syntax and values.  You may want to read this external page.

Possible Solution #3
If you are using Amazon EKS (a Kubernetes PaaS), run this command to generate the correct configuration file (replace "contint" with the name of the Kubernetes cluster):
aws eks update-kubeconfig --name contint

Leave a comment

Your email address will not be published. Required fields are marked *