2023/12/18 01:28:20 Describe EC2 Tag Fail. Will retry the request: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::xxx:assumed-role/yyy-workernodes/i-zzz is not authorized to perform: ec2:DescribeTags because no identity-based policy allows the ec2:DescribeTags action
The most likely cause is that the managed policy arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy is lacking said permission.
I am attempting to follow the instructions at https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContainerInsights-Prometheus-Setup.html. However the pod for Prometheus does not come up:
The most likely cause is that the managed policy
arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
is lacking said permission.