aws-quickstart / cdk-eks-blueprints

AWS Quick Start Team
Apache License 2.0
446 stars 198 forks source link

(EksBlueprint.builder): (nodeRole service principals error in China Region) #558

Open tyyzqmf opened 1 year ago

tyyzqmf commented 1 year ago

Describe the bug

Create EKS in China region (cn-northwest-1) using this code:

    const blueprint = blueprints.EksBlueprint.builder()
      .addOns()
      .teams()
      .build(scope, id+'-eks-blueprints-stack');

It reports an error: Following required service principals [ec2.amazonaws.com.cn] were not found in the trust relationships of nodeRole arn:aws-cn****

I found the nodeRole in IAM:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "ec2.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

Expected Behavior

create node group error

Current Behavior

    4:09:59 PM | CREATE_FAILED        | AWS::EKS::Nodegroup                   | QuickstartStack2ek...sstackngng2FD218EB
    Resource handler returned message: "Following required service principals [ec2.amazonaws.com.cn] were not found in the trust relationships of nodeRole arn:aws-cn:iam::6990*****31:role/QuickstartStack2-eks-blue-QuickstartStack2eksbluep-1RF9XFQCGDOU4 (Service: Eks, Status Code: 400, Request ID: dada9c90-8b3a-4ca9-a31b-9ad6de9eb229)" (RequestToken: b9259236-dc5b-7ea3-8672-2e6fc51570fc, HandlerErrorCode: InvalidRequest)

Reproduction Steps

Operate according to document: getting-started

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.51.1 (build 3d30cdb)

EKS Blueprints Version

1.5.2

Node.js Version

v16.19.0

Environment details (OS name and version, etc.)

ubuntu

Other information

No response

shapirov103 commented 1 year ago

Thanks @tyyzqmf, we will take a look. I assume just general testing against China regions is needed.

DawnElixir commented 1 year ago

Hi team, we have encountered this issue as well. I can confirm the principal of ec2 in China region is "ec2.amazonaws.com.cn". Please help fix this, otherwise eks blueprints is unable to work in China region.
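
A pre-deployment check for the mismatch reported above, as an added example that is not part of the issue thread or the cdk-eks-blueprints code base. It compares a node role's trust policy with the EC2 service principal the error message asks for; the function names are hypothetical, and the region mapping is an assumption covering only what the issue reports (`cn-` regions require `ec2.amazonaws.com.cn`).

```typescript
// Added example (not project code): flag a node role whose trust policy lacks
// the EC2 service principal required in the target region.
type OneOrMany<T> = T | T[];
interface Statement {
  Effect: string;
  Principal?: { Service?: OneOrMany<string> };
  Action: OneOrMany<string>;
}
interface TrustPolicy { Version: string; Statement: Statement[]; }

// Assumption: regions starting with "cn-" need ec2.amazonaws.com.cn (as the
// error in the issue states); all other regions are assumed to use ec2.amazonaws.com.
function requiredEc2Principal(region: string): string {
  return region.indexOf("cn-") === 0 ? "ec2.amazonaws.com.cn" : "ec2.amazonaws.com";
}

function asArray<T>(v: OneOrMany<T> | undefined): T[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// Service principals allowed to call sts:AssumeRole on the role.
// Wildcard actions such as "sts:*" are deliberately not treated as a match.
function trustedServices(policy: TrustPolicy): string[] {
  let services: string[] = [];
  for (const s of policy.Statement) {
    const assumes = asArray(s.Action).indexOf("sts:AssumeRole") !== -1;
    if (s.Effect === "Allow" && assumes) {
      services = services.concat(asArray(s.Principal?.Service));
    }
  }
  return services;
}

// Returns the principals still missing; an empty array means the policy
// already trusts the principal required for that region.
function missingNodeRolePrincipals(policy: TrustPolicy, region: string): string[] {
  const trusted = trustedServices(policy);
  return [requiredEc2Principal(region)].filter(p => trusted.indexOf(p) === -1);
}

// Trust policy as posted in the issue.
const reportedPolicy: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" },
  ],
};
console.log(missingNodeRolePrincipals(reportedPolicy, "cn-northwest-1"));
```

Running the check against the synthesized role before `cdk deploy` surfaces the mismatch without waiting for the `AWS::EKS::Nodegroup` resource to fail.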

elamaran11 commented 11 months ago

@DawnElixir Please confirm if you still face this issue. The ticket has been open for some time.