OpenShift Container Platform 4 Installation fails on AWS with "current credentials insufficient for performing cluster installation"

Solution Verified - Updated -

Issue

  • When using an AWS account with Service Control Policies, the installation fails.

  • When attempting to install OpenShift Container Platform 4.4 on AWS with a restricted AWS account, the installer fails with the following error message:

    DEBUG   Fetching Platform Permissions Check...     
DEBUG     Fetching Install Config...               
DEBUG     Reusing previously-fetched Install Config 
DEBUG   Generating Platform Permissions Check...   
WARNING Action not allowed with tested creds          action="ec2:AllocateAddress"
WARNING Action not allowed with tested creds          action="ec2:AssociateAddress"
WARNING Action not allowed with tested creds          action="ec2:AuthorizeSecurityGroupEgress"
[..]
WARNING Action not allowed with tested creds          action="s3:DeleteObject"
WARNING Action not allowed with tested creds          action="tag:GetResources"
WARNING Tested creds not able to perform all requested actions 
FATAL failed to fetch Cluster: failed to fetch dependency of "Cluster": failed to generate asset "Platform Permissions Check": validate AWS credentials: current credentials insufficient for performing cluster installation

Environment

  • Red Hat OpenShift Container Platform (OCP) 4.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content