Hey everyone! :wave: I’m trying to create an EKS ...
# aws
Hey everyone! 👋 I’m trying to create an EKS cluster in a specific region, but I can’t see where to specify the region… 🤔 I thought maybe we had to create a VPC explicitly with that region, but even then I can’t figure how to specify the region for the VPC. Any hint? 😁
Oh, and btw, I’m using
, but I just realized there’s also
which seems lower-level. I’m assuming it’s simpler to use the higher-level
because it sets up a bunch of other resources automatically for us, right?
OK, I think I will need a different AWS provider for each region… 🤔
Presumably, this region is different than the default region set in your stack config. In which case, you can programmatically create a new provider where you specify the region. E.g.:
Copy code
const eastRegion = new aws.Provider("east", {
        profile: aws.config.profile,
        region: "us-east-1", // Per AWS, ACM certificate must be in the us-east-1 region.

    const certificate = new aws.acm.Certificate("certificate", {
        domainName: config.targetDomain,
        validationMethod: "DNS",
    }, { provider: eastRegion });
Right 🙂
Thanks @witty-candle-66007! However, now when I try to create a new
using the new provider with the specific region, I get this error:
Copy code
Error: providerCredentialOpts and an AWS provider instance must be set together
I see that
property on the cluster object, with
children, but I’m not sure what to put there. Can’t I just use the same defaults that would be used with default region?
Thanks Mitch, yes I had seen that section, but was not sure what it really meant and if it really applied here. I guess it does, because of this:
Creating and using a new AWS provider instance
but I’m still unclear on what it’s expecting for
and `profileName`… 🤔
Here are the eks examples: https://github.com/pulumi/pulumi-eks/tree/master/examples The aws-profile-role and aws-profile examples may help. I think profileName in this context refers to a profile set up with the aws cli (found under ~/.aws).
Thanks once more @witty-candle-66007, I’m looking into those examples right now! 👍
Good Monday @witty-candle-66007! I have made progress on that front, but getting other permission errors during EKS cluster creation:
Copy code
kubernetes:core/v1:ConfigMap (dummyon-nodeAccess):
    error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials

  eks:index:VpcCni (dummyon-vpc-cni):
    error: Command failed: kubectl apply -f /tmp/tmp-19308DzDMtCicc4nD.tmp
    unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
    unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
    unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
    unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
    unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
Here’s an excerpt from my pulumi code, here above👆
user mentioned in above code is granted
in IAM.
And the AWS
profile I’m using to run Pulumi is configured with my personal Access Key, also granted
All other resources, including the EKS cluster itself get created successfully. Only the creation of the VPC CNI and the
ConfigMap fail.
Any idea what could be going wrong? 🤔
I asked the team to take a look as well and it’s not obvious what the issue is. The error message appears to be indicating that you can’t authenticate to the k8s cluster from your deployment machine. But if you are using your personal admin-level key, it seems like that shouldn’t be the case.
Thanks a lot for looking into that, really appreciated! 👍
Hey @witty-candle-66007, here’s a stripped down minimal project that reproduces the issue. Thank you so much for looking into that! 🙂