aws-quickstart / cdk-eks-blueprints

AWS Quick Start Team
Apache License 2.0

(addons-karpenter): Missing pricing:GetProducts action in ControllerPolicy #463

Closed javydekoning closed 2 years ago

javydekoning commented 2 years ago

Describe the bug

Karpenter IAM Policy is missing pricing:GetProducts

2022-08-08T15:10:37.441Z    ERROR   controller.aws.pricing  updating on-demand pricing, AccessDeniedException: User: arn:aws:sts::123456789012:assumed-role/ekslabstackekslabEE6B7060-ekslabblueprintsaddonkar-7NC577VYBCPK/1659971436951796918 is not authorized to perform: pricing:GetProducts because no identity-based policy allows the pricing:GetProducts action
    status code: 400, request id: 9a1d2b4e-da76-420c-8f3b-5d184e83c4b0; AccessDeniedException: User: arn:aws:sts::123456789012:assumed-role/ekslabstackekslabEE6B7060-ekslabblueprintsaddonkar-7NC577VYBCPK/1659971436951796918 is not authorized to perform: pricing:GetProducts because no identity-based policy allows the pricing:GetProducts action
    status code: 400, request id: 23e4af19-01dc-4cfe-9a1f-38a1d201c61c, using existing pricing data from 07 Jul 22 10:58 -0500  {"commit": "062a029"}

https://github.com/aws-quickstart/cdk-eks-blueprints/blob/main/lib/addons/karpenter/iam.ts

Expected Behavior

Karpenter should not throw AccessDenied in controller logs

Current Behavior

It throws access denied.

Reproduction Steps

Deploy Karpenter AddOn, then tail logs:

kubectl logs blueprints-addon-karpenter-xxx -n karpenter

Possible Solution

Add action to policy

Additional Information/Context

No response

CDK CLI Version

Not Relevant

EKS Blueprints Version

1.1.0

Node.js Version

v18.7.0

Environment details (OS name and version, etc.)

Mac

Other information

No response
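
An added example, not part of the original issue or the project's code: a TypeScript sketch that pulls the denied IAM actions out of controller log lines like the ones above and compares them with a policy's allowed actions. The sample log, role name, account ID and allow-list are constructed placeholders, and the function names are hypothetical.

```typescript
// SAMPLE_LOG is constructed for this example in the format of the log in the issue;
// the account ID, role name, session name and request id are placeholders.
const SAMPLE_LOG: string = [
  "2022-08-08T15:10:37.441Z    ERROR   controller.aws.pricing  updating on-demand pricing, " +
    "AccessDeniedException: User: arn:aws:sts::111122223333:assumed-role/example-karpenter-role/1111 " +
    "is not authorized to perform: pricing:GetProducts because no identity-based policy allows the pricing:GetProducts action",
  "    status code: 400, request id: 00000000-0000-0000-0000-000000000000; " +
    "AccessDeniedException: User: arn:aws:sts::111122223333:assumed-role/example-karpenter-role/1111 " +
    "is not authorized to perform: pricing:GetProducts because no identity-based policy allows the pricing:GetProducts action",
  "2022-08-08T15:10:40.000Z    INFO    controller  nothing to report",
].join("\n");

// The same exception can appear more than once per entry, so the pattern is global.
const DENIED = /assumed-role\/([^\/\s]+)\/\S+ is not authorized to perform: ([A-Za-z0-9-]+:[A-Za-z0-9*]+)/g;

// Returns role name -> sorted, de-duplicated list of denied actions found in the log.
function deniedActionsByRole(log: string): Record<string, string[]> {
  const found: Record<string, string[]> = {};
  DENIED.lastIndex = 0; // reset state kept by the global regex between calls
  let m: RegExpExecArray | null;
  while ((m = DENIED.exec(log)) !== null) {
    const role = m[1];
    const action = m[2];
    if (!found[role]) found[role] = [];
    if (found[role].indexOf(action) === -1) found[role].push(action);
  }
  for (const role of Object.keys(found)) found[role].sort();
  return found;
}

// Returns the denied actions that the allow-list does not cover.
// Only exact matches, "service:*" and "*" are handled, not partial wildcards.
function missingFromPolicy(denied: string[], allowed: string[]): string[] {
  return denied.filter((action) => {
    const service = action.split(":")[0];
    return allowed.indexOf(action) === -1 &&
      allowed.indexOf(service + ":*") === -1 &&
      allowed.indexOf("*") === -1;
  });
}

// Hypothetical allow-list standing in for a controller policy without the pricing action.
const ALLOWED_BEFORE: string[] = ["ec2:CreateFleet", "ec2:DescribeInstanceTypes", "ssm:GetParameter"];
const report = deniedActionsByRole(SAMPLE_LOG);
console.log(report, missingFromPolicy(report["example-karpenter-role"], ALLOWED_BEFORE));
```

Feeding it the output of the kubectl logs command from the reproduction steps gives the exact actions to add, which keeps the policy change scoped to what the controller actually calls.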

shapirov103 commented 2 years ago

@javydekoning is your issue addressed?

javydekoning commented 2 years ago

Yes, this is fixed in the latest release