Hi, I started using the iam-role-for-service-accounts-eks module to create a role for aws-lb-controller deployment. Ingress deployment works fine but when trying to modify an existing ingress the controller throws the below permission errors:
{"level":"error","ts":1645201526.94589,"logger":"controller-runtime.manager.controller.ingress","msg":"Reconciler error","name":"example-internal","namespace":"","error":"AccessDenied: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/example/111111111111111111 is not authorized to perform: elasticloadbalancing:ModifyListener on resource: arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxx:listener/app/example/example because no identity-based policy allows the elasticloadbalancing:ModifyListener action\n\tstatus code: 403, request id: xxxxxx-xxxxxxx-xxxxx"}
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
The policies mentioned in the controller's official documentation seem to be slightly different compared to the ones deployed by the module: https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/694a0b14184e388806f9f34be0dd9075aa8fb0a7/docs/install/iam_policy.json
Versions
Reproduction
Steps to reproduce the behavior:
Expected behavior
Controller should update ALB rules without any errors.
Actual behavior
Controller throws permission error (see above)
Thanks!
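The comparison described in this report (actions in the controller's reference policy versus those in the deployed role) can be checked mechanically. The following is an added example, not part of the original issue and not code from the module or the controller. The two policy documents and the log fragment are constructed samples and the function names are hypothetical. It compares action names on Allow statements only and ignores Deny, NotAction, Resource and Condition elements.

```python
import fnmatch
import json
import re

# Constructed sample documents, NOT the real upstream or module policies.
REFERENCE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["elasticloadbalancing:CreateListener",
              "elasticloadbalancing:ModifyListener",
              "elasticloadbalancing:ModifyRule"]}]}""")
DEPLOYED_POLICY = json.loads("""{"Version": "2012-10-17", "Statement":
  {"Effect": "Allow", "Resource": "*",
   "Action": ["elasticloadbalancing:Create*", "elasticloadbalancing:ModifyRule"]}}""")
# Constructed log fragment, shortened from the error quoted in the issue.
SAMPLE_LOG = ("AccessDenied: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/example/1 "
              "is not authorized to perform: elasticloadbalancing:ModifyListener "
              "on resource: arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxx:listener/app/example/example")

def allowed_actions(policy):
    """Collect Action patterns from Allow statements.
    Statement and Action may each be a single item or a list."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    patterns = set()
    for stmt in stmts:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        acts = stmt["Action"]
        patterns.update([acts] if isinstance(acts, str) else acts)
    return patterns

def is_allowed(action, patterns):
    """IAM action names are case-insensitive; '*' and '?' act as wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(reference, deployed):
    """Reference actions not covered by any deployed pattern (conservative:
    a broader reference wildcard than the deployed one is reported as missing)."""
    have = allowed_actions(deployed)
    return sorted(a for a in allowed_actions(reference) if not is_allowed(a, have))

def denied_action(log_line):
    """Extract the denied API action from an AccessDenied message."""
    m = re.search(r"is not authorized to perform: (\S+)", log_line)
    return m.group(1) if m else None

if __name__ == "__main__":
    print("denied:", denied_action(SAMPLE_LOG))
    print("missing from deployed:", missing_actions(REFERENCE_POLICY, DEPLOYED_POLICY))
```

An action that appears in both outputs points to a gap in the deployed policy rather than a resource or condition mismatch, which would need a statement-by-statement review.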