crossplane-contrib / provider-jet-aws

AWS Provider for Crossplane that is built with Terrajet.
https://crossplane.io
Apache License 2.0

Strange error thrown when using assumerole cross-account #236

Open milonjames opened 1 year ago

milonjames commented 1 year ago

What happened?

Crossplane is complaining that it cannot observe the external resource after creating it. To put you into context, we are running Crossplane in an EKS cluster and using the assume-role feature to provision resources cross-account. Crossplane successfully manages to create the resource, but in the events it says:

cannot run refresh: refresh failed: AccessDeniedException: User: arn:aws:sts::6**************5:assumed-role/provider-jet-aws-controller/1663822017293203786 is not authorized to perform: events:ListTargetsByRule on resource: arn:aws:events:eu-west-1:6**************5:rule/oms/o*************t because no identity-based policy allows the events:ListTargetsByRule action status code: 400, request id: 895b8bc1-2c4a-4510-b830-ea8c971739fd: : File name: main.tf.json

For some reason the creation of the resource cross account works, but afterwards it cannot observe it. The error message is weird because the cloud resource it's looking for is created in a different account than the one it's complaining about.

What environment did it happen in?

Crossplane version: 1.6.2
Cloud provider: AWS
Kubernetes version: 1.22
Kubernetes distribution: AWS EKS
Provider JET AWS version: v0.5.0-preview