
While adding a nodegroup to an EKS cluster I am getting an InvalidParameterException. The full error is given below.

`An error occurred (InvalidParameterException) when calling the CreateNodegroup operation: Following required service principals [ec2.amazonaws.com] were not found in the trust relationships of nodeRole arn:aws:iam:::role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup`

But while adding principal policies to the role I am getting:

`This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies`

The version of the AWS CLI I am using is `aws-cli/1.18.211 Python/3.8.7 Darwin/17.2.0 botocore/1.19.51`.

Abhinav Kumar
  • Can you show the actual policy and what you are trying to add to it? – Marcin Jan 15 '21 at 07:58
  • `{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com", "AWS": "arn:aws:iam:::user/*" }, "Action": "sts:AssumeRole" } ] }` – Abhinav Kumar Jan 15 '21 at 08:33
  • I'm having the same issue. `aws eks create-nodegroup --cluster-name EKS-cluster --nodegroup-name NG --subnets subnet-08f0fc71 subnet-53032a18 --node-role arn:aws:iam::xxx:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup` Gives me `An error occurred (InvalidParameterException) when calling the CreateNodegroup operation: Following required service principals [ec2.amazonaws.com] were not found in the trust relationships of nodeRole arn:aws:iam::xxx:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup` – feedthemachine Oct 06 '22 at 20:20

1 Answer


In the new dashboard, AWS has changed the API for permissions and trust policies into 2 separate calls. So for adding trust policies you have to edit the trust and relationship tab on the far right side of the dashboard.

Abhinav Kumar
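The two errors in this thread can be reproduced offline by checking the role's trust policy and its permissions policy separately, as in this added example (not code from the question or the answer). The account ID, `ExampleEksNodeRole`, the function names and the sample service-linked-role trust policy are constructed assumptions.

```python
REQUIRED_SERVICE = "ec2.amazonaws.com"  # principal named in the CreateNodegroup error

def as_list(value):
    """IAM accepts a single string/object wherever it accepts a list."""
    return value if isinstance(value, list) else [value]

def service_principals(trust_policy):
    """Service principals that a trust policy allows to call sts:AssumeRole."""
    found = set()
    for stmt in as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if (stmt.get("Effect") == "Allow" and isinstance(principal, dict)
                and "sts:AssumeRole" in as_list(stmt.get("Action", []))):
            found.update(as_list(principal.get("Service", [])))
    return found

def check_node_role(role_arn, trust_policy, permissions_policy):
    """Return the problems that would block using this role as an EKS nodeRole."""
    findings = []
    if ":role/aws-service-role/" in role_arn:
        findings.append("service-linked role: its trust policy is managed by AWS")
    if REQUIRED_SERVICE not in service_principals(trust_policy):
        findings.append(f"trust policy does not let {REQUIRED_SERVICE} assume the role")
    if any("Principal" in s for s in as_list(permissions_policy.get("Statement", []))):
        findings.append("permissions policy has Principal; it belongs in the trust policy")
    return findings

def assume_role_doc(principal):
    """Build a single-statement sts:AssumeRole document for the samples below."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

# Constructed sample data; 111122223333 is a placeholder account ID.
ACCOUNT = "111122223333"
SLR_ARN = (f"arn:aws:iam::{ACCOUNT}:role/aws-service-role/"
           "eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup")
SLR_TRUST = assume_role_doc({"Service": "eks-nodegroup.amazonaws.com"})
# The document quoted in the comments, submitted as a permissions policy.
PASTED = assume_role_doc({"Service": "ec2.amazonaws.com", "AWS": "arn:aws:iam:::user/*"})
# A separate, hypothetical node role with the trust policy and permissions split.
NODE_ARN = f"arn:aws:iam::{ACCOUNT}:role/ExampleEksNodeRole"
NODE_TRUST = assume_role_doc({"Service": "ec2.amazonaws.com"})
NODE_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}]}

if __name__ == "__main__":
    for finding in check_node_role(SLR_ARN, SLR_TRUST, PASTED):
        print("FAIL:", finding)
    print(check_node_role(NODE_ARN, NODE_TRUST, NODE_PERMS) or "node role OK")
```

In the IAM API the trust policy is written with `UpdateAssumeRolePolicy` (or `--assume-role-policy-document` on `aws iam create-role`), while permissions go through `PutRolePolicy` or `AttachRolePolicy`.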