Error message about not authorized iam:CreateServiceLinkedRole IAM policy during ROSA deployment

Solution Unverified - Updated -

Environment

  • Red Hat OpenShift Service on AWS
  • rosa cli
    • v1.1.2

Issue

  • When deploying a ROSA cluster with the rosa CLI, the installer fails with the following error message:
level=error msg=Error: Error creating network Load Balancer: AccessDenied: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/ManagedOpenShift-Installer-Role/1632485560814952049 is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::xxxxxxxxxxxx:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing

Resolution

  • You can resolve this issue by running the following aws command before running the ROSA installer.
$ aws iam create-service-linked-role --aws-service-name \
  "elasticloadbalancing.amazonaws.com"
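
An idempotent form of the command above, as an added example that is not part of the original solution. The function name `ensure_elb_slr` is hypothetical, and the example assumes the AWS CLI is configured with credentials allowed to call iam:GetRole and iam:CreateServiceLinkedRole. It creates the role only when the lookup reports NoSuchEntity, so it can be rerun in accounts that already have the role.

```shell
#!/bin/sh
# Added example: pre-flight check for the Elastic Load Balancing
# service-linked role named in the installer error message.
SLR_NAME="AWSServiceRoleForElasticLoadBalancing"
SLR_SERVICE="elasticloadbalancing.amazonaws.com"

# ensure_elb_slr (hypothetical helper name)
#   prints "exists"  and returns 0 if the role is already in the account
#   prints "created" and returns 0 if the role was missing and was created
#   returns 1 if creation failed, 2 if the lookup failed for another reason
ensure_elb_slr() {
  # Capture stderr only; get-role exits non-zero when the call fails.
  if _slr_err=$(aws iam get-role --role-name "$SLR_NAME" 2>&1 >/dev/null); then
    echo "exists"
    return 0
  fi
  case "$_slr_err" in
    *NoSuchEntity*)
      # The role is missing: this is the new-account case from the article.
      aws iam create-service-linked-role \
        --aws-service-name "$SLR_SERVICE" >/dev/null || return 1
      echo "created"
      ;;
    *)
      # Any other failure (for example AccessDenied on iam:GetRole) is
      # reported instead of being treated as "role missing".
      echo "lookup failed: $_slr_err" >&2
      return 2
      ;;
  esac
}

# Usage, before starting the ROSA installer:
#   ensure_elb_slr || exit 1
```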

Root Cause

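  • This happens in new AWS accounts that have never had a load balancer (LB) before, so the AWSServiceRoleForElasticLoadBalancing service-linked role does not exist yet.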
