Error creating IAM Role abcd-worker-role: AccessDenied
Issue
- The
IAM
role is missing some expected roles as a prerequisite step. - This is resulting in the following error.
[root@localhost file2]# openshift-install create cluster
INFO Consuming "Install Config" from target directory
INFO Creating cluster...
ERROR
ERROR Error: Error applying plan:
ERROR
ERROR 3 errors occurred:
ERROR * module.iam.aws_iam_role.worker_role: 1 error occurred:
ERROR * aws_iam_role.worker_role: Error creating IAM Role jackrack-worker-role: AccessDenied: User: arn:aws:iam::694280550618:user/jmalde is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jackrack-worker-role
ERROR status code: 403, request id: 0a915249-1973-11e9-84fa-edccb54ae93c
ERROR
ERROR
ERROR * module.bootstrap.aws_iam_role.bootstrap: 1 error occurred:
ERROR * aws_iam_role.bootstrap: Error creating IAM Role jackrack-bootstrap-role: AccessDenied: User: arn:aws:iam::694280550618:user/jmalde is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jackrack-bootstrap-role
ERROR status code: 403, request id: 0a9263be-1973-11e9-84fa-edccb54ae93c
ERROR
ERROR
ERROR * module.masters.aws_iam_role.master_role: 1 error occurred:
ERROR * aws_iam_role.master_role: Error creating IAM Role jackrack-master-role: AccessDenied: User: arn:aws:iam::694280550618:user/jmalde is not authorized to perform: iam:TagRole on resource: arn:aws:iam::694280550618:role/jackrack-master-role
ERROR status code: 403, request id: 0a92d8f1-1973-11e9-84fa-edccb54ae93c
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR Terraform does not automatically rollback in the face of errors.
ERROR Instead, your Terraform state file has been partially updated with
ERROR any resources that successfully completed. Please address the error
ERROR above and apply again to incrementally change your infrastructure.
ERROR
ERROR
FATAL failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed to apply using Terraform
[root@localhost file2]#
- How could the user assure that the IAM user has a complete set of access so that the installer finishes the installation without errors?
Environment
- Red Hat OpenShift Container Platform 4.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.