EKS install requires specific undocumented permissions

I am trying to install an EKS cluster. I am running in a least-privilege mode and as such I am trying to use only what is mentioned in the documentation (EKS documentation and Rancher Creating an EKS Cluster).

I have the following error that leads me to think that there are some required permissions that are not documented:

Error creating stack: error creating master: AccessDenied: User: <redacted> is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-west-2:617256414652:stack/c-tdhj8-eks-vpc/* status code: 403, request id: <redacted>; waiting on cluster-provisioner-controller

Any documentation on what is really required?

Yep, running into this as well. There are a significant number of required permissions for deploying an EKS cluster with Rancher that aren’t documented.

Bump! Any answer to this?