Closed shaunofneuron closed 1 month ago
cc: @jmgalvez thanks for the original issue
This issue has been resolved in version 5.42.0 :tada:
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Is your request related to a new offering from AWS?
Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.
Is your request related to a problem? Please describe.
The VPC CNI Policy in `policies.tf` is missing permissions when AWS VPC CNI Network Policy logs are enabled. When enabled, a second container is added to the `aws-node` pod for a node agent, which requires CloudWatch logs permissions. Without these permissions, `aws-node` enters a CrashLoopBackOff state.
Describe the solution you'd like.
Add the following CloudWatch Logs permissions to the policy file:
Describe alternatives you've considered.
There are no viable alternatives that allow the `aws-node` pod to function correctly without the required permissions for CloudWatch Logs.
Additional context
I am creating the EKS cluster using the AWS EKS Terraform module 20.8.5. Here’s an example configuration:
This other related but closed issue contained most of what I included in this; perhaps it can get some traction this time, since I am unable to re-open closed issues.
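An added example, not part of the original issue or the module's own code: a pre-deployment check that reports which CloudWatch Logs actions a VPC CNI role policy document fails to grant, so the gap is caught before `aws-node` starts crash-looping. The required action set is an assumption based on AWS's documentation for network policy logs, and both sample policies are constructed.

```python
import fnmatch
import json

# Assumption: action set from AWS's network policy logging docs, not from this issue.
REQUIRED = ("logs:DescribeLogGroups", "logs:CreateLogGroup",
            "logs:CreateLogStream", "logs:PutLogEvents")

# Constructed sample policies (not the module's real policies.tf output).
BEFORE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:AssignPrivateIpAddresses", "ec2:DescribeNetworkInterfaces"]}]})
AFTER = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:AssignPrivateIpAddresses", "ec2:DescribeNetworkInterfaces"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["logs:Describe*", "logs:CreateLog*", "logs:PutLogEvents"]}]})


def _as_list(value):
    """IAM allows a single string/object or a list for Action and Statement."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _matches(patterns, action):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_actions(policy_json, required=REQUIRED):
    """Return required actions the policy does not grant (explicit Deny wins).

    Limits: Resource, Condition and NotAction are not evaluated.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        hits = {a for a in required if _matches(_as_list(stmt.get("Action")), a)}
        if stmt.get("Effect") == "Allow":
            allowed |= hits
        elif stmt.get("Effect") == "Deny":
            denied |= hits
    return [a for a in required if a not in allowed or a in denied]


if __name__ == "__main__":
    for name, policy in (("before", BEFORE), ("after", AFTER)):
        print(name, "missing:", missing_actions(policy) or "none")
```

Feeding it the rendered policy JSON from a plan or from the attached role policy gives a quick pass/fail before network policy logging is switched on.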