future-nail-59564
01/28/2021, 3:59 PM@pulumi/eks/Cluster
, but I just realized there’s also @pulumi/aws/eks/Cluster
which seems lower-level. I’m assuming it’s simpler to use the higher-level @pulumi/eks/Cluster
because it sets up a bunch of other resources automatically for us, right?witty-candle-66007
01/28/2021, 4:21 PMconst eastRegion = new aws.Provider("east", {
profile: aws.config.profile,
region: "us-east-1", // Per AWS, ACM certificate must be in the us-east-1 region.
});
const certificate = new aws.acm.Certificate("certificate", {
domainName: config.targetDomain,
validationMethod: "DNS",
}, { provider: eastRegion });
future-nail-59564
01/28/2021, 11:24 PMeks.Cluster
using the new provider with the specific region, I get this error:
Error: providerCredentialOpts and an AWS provider instance must be set together
I see that providerCredentialOpts
property on the cluster object, with roleArn
and profileName
children, but I’m not sure what to put there. Can’t I just use the same defaults that would be used with default region?witty-candle-66007
01/28/2021, 11:32 PMfuture-nail-59564
01/29/2021, 2:29 PMCreating and using a new AWS provider instancebut I’m still unclear on what it’s expecting for
roleArn
and `profileName`… 🤔witty-candle-66007
01/29/2021, 3:03 PMfuture-nail-59564
01/29/2021, 6:26 PMkubernetes:core/v1:ConfigMap (dummyon-nodeAccess):
error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
eks:index:VpcCni (dummyon-vpc-cni):
error: Command failed: kubectl apply -f /tmp/tmp-19308DzDMtCicc4nD.tmp
unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
unable to recognize "/tmp/tmp-19308DzDMtCicc4nD.tmp": Unauthorized
pulumi
user mentioned in above code is granted AdministratorAccess
in IAM.default
profile I’m using to run Pulumi is configured with my personal Access Key, also granted AdministratorAccess
.aws-auth
ConfigMap fail.witty-candle-66007
02/01/2021, 7:18 PMfuture-nail-59564
02/01/2021, 7:48 PM