[Bug]: prepare-environment fundamentals/storage/efs fails with User is not authorized

[justRishi]

Installation method

Own AWS account

What happened?

fundamentals eks-workshop Amazon EFS prepare environment fails, previous sections with "prepare environment" did not fail. lab : https://www.eksworkshop.com/docs/fundamentals/storage/efs/
command: prepare-environment fundamentals/storage/efs resulted in error:

ec2-user:~/environment:$ prepare-environment fundamentals/storage/efs
Refreshing copy of workshop repository from GitHub...

Resetting the environment...
Tip: Read the rest of the lab introduction while you wait!
Waiting for application to become ready...
Cleaning up previous lab infrastructure...
Creating infrastructure for next lab...
╷
│ Error: creating EFS Mount Target (fs-07848258f41ad0ca1): operation error EFS: CreateMountTarget, https response error StatusCode: 403, RequestID: 937f7fea-d656-40e1-b2c6-266d4d4cd7c4, api error AccessDeniedException: User is not authorized to perform that action on the specified resource
│ 
│   with module.lab.module.preprovision[0].aws_efs_mount_target.efsmtpvsubnet[0],
│   on lab/preprovision/main.tf line 65, in resource "aws_efs_mount_target" "efsmtpvsubnet":
│   65: resource "aws_efs_mount_target" "efsmtpvsubnet" {
│ 
╵
╷
│ Error: creating EFS Mount Target (fs-07848258f41ad0ca1): operation error EFS: CreateMountTarget, https response error StatusCode: 403, RequestID: c2e67f38-e9ed-4f97-8c4f-9431aacbc6fe, api error AccessDeniedException: User is not authorized to perform that action on the specified resource
│ 
│   with module.lab.module.preprovision[0].aws_efs_mount_target.efsmtpvsubnet[1],
│   on lab/preprovision/main.tf line 65, in resource "aws_efs_mount_target" "efsmtpvsubnet":
│   65: resource "aws_efs_mount_target" "efsmtpvsubnet" {
│ 
╵
╷
│ Error: creating EFS Mount Target (fs-07848258f41ad0ca1): operation error EFS: CreateMountTarget, https response error StatusCode: 403, RequestID: d5a077cf-61e8-46d4-aa21-fd18894b11df, api error AccessDeniedException: User is not authorized to perform that action on the specified resource
│ 
│   with module.lab.module.preprovision[0].aws_efs_mount_target.efsmtpvsubnet[2],
│   on lab/preprovision/main.tf line 65, in resource "aws_efs_mount_target" "efsmtpvsubnet":
│   65: resource "aws_efs_mount_target" "efsmtpvsubnet" {
│ 
╵
An error occurred, please contact your workshop proctor or raise an issue at https://github.com/aws-samples/eks-workshop-v2/issues
The full log can be found here: /eks-workshop/logs/action-1726570670.log

What did you expect to happen?

efs environment for lab to be created successfully

How can we reproduce it?

1. go to https://www.eksworkshop.com/docs/fundamentals/storage/efs/ (after creating the environment as explained in: https://www.eksworkshop.com/docs/introduction/setup/your-account/using-eksctl).
2. execute this in the online lab environment VS-code prepare-environment fundamentals/storage/efs

Anything else we need to know?

The previous EFS-lab sections like Amazon EBS prepare-environment went fine , as well Ingress, Load Balancers etc

EKS version

1.30

[casey-holgado]

I am also experiencing this same issue as @justRishi described above.

[niallthomson]

Thanks for the report, we'll need to look in to this. The IAM permissions look like they should allow this and our tests are succeeding so it will take some manual investigation.