aws-samples / hardeneks

Runs checks to see if an EKS cluster follows EKS Best Practices.
https://aws-samples.github.io/hardeneks/
MIT No Attribution

ApiException: (403) #2

Closed dazzag24 closed 1 year ago

dazzag24 commented 1 year ago
HTTP response headers: HTTPHeaderDict({'Audit-Id': '<REDACTED>, 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '<REDACTED>, 'X-Kubernetes-Pf-Prioritylevel-Uid': '<REDACTED>', 'Date': 'Tue, 13 Dec 2022 13:53:35 GMT', 'Content-Length': '271'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"namespaces is forbidden: User \"system:anonymous\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope","reason":"Forbidden","details":{"kind":"namespaces"},"code":403}

The following commands work, so my access to my EKS cluster is working.

kubectl config get-contexts
aws eks list-clusters

dorukozturk commented 1 year ago

Hi @dazzag24, your current user does not have the necessary permissions to list necessary resources.

User \"system:anonymous\" cannot list resource \"namespaces\" in API group \"\" at the cluster

I will soon create a document that would show the minimum required permissions. In the meantime, can you switch to a user which has more access?

dorukozturk commented 1 year ago

Hi again,

I added some documentation around the minimal AWS and K8S permissions. Please make sure you have those apiGroups, resources and verbs for your ClusterRole.
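
As an added example (not part of the thread and not hardeneks code), the sketch below parses a 403 `Status` body like the one reported above, reports which user the API server saw, and derives the `apiGroups`, `resources` and `verbs` rule that the denied request maps to. The function name `diagnose_forbidden` and the keys of its return value are hypothetical; the rule is read from the error message only and is not the tool's documented permission list.

```python
import json
import re

# Shape of the RBAC denial message the API server puts in a Status body.
FORBIDDEN_RE = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<namespace>[^"]+)")'
)


def diagnose_forbidden(body: str) -> dict:
    """Classify a 403 Status body and derive the RBAC rule it asks for."""
    status = json.loads(body)
    if status.get("code") != 403 or status.get("reason") != "Forbidden":
        raise ValueError("not a Forbidden Status object")
    match = FORBIDDEN_RE.search(status.get("message", ""))
    if match is None:
        raise ValueError("unrecognised Forbidden message")
    denied = match.groupdict()
    namespaced = denied["namespace"] is not None
    # Where anonymous requests are allowed, a request without credentials is
    # treated as system:anonymous, so that name points at the client
    # configuration (kubeconfig context, token) rather than at RBAC.
    cause = "unauthenticated" if denied["user"] == "system:anonymous" else "rbac"
    return {
        "user": denied["user"],
        "cause": cause,
        # Narrowest role kind that can grant the denied request.
        "role_kind": "Role" if namespaced else "ClusterRole",
        "namespace": denied["namespace"],
        "rule": {
            "apiGroups": [denied["group"]],
            "resources": [denied["resource"]],
            "verbs": [denied["verb"]],
        },
    }


# Response body from the issue above, re-joined onto one line.
ISSUE_BODY = (
    '{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure",'
    '"message":"namespaces is forbidden: User \\"system:anonymous\\" cannot list '
    'resource \\"namespaces\\" in API group \\"\\" at the cluster scope",'
    '"reason":"Forbidden","details":{"kind":"namespaces"},"code":403}'
)

if __name__ == "__main__":
    print(json.dumps(diagnose_forbidden(ISSUE_BODY), indent=2))
```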