Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(EksBlueprint.builder): (nodeRole service principals error in China Region ) #558

Open
tyyzqmf opened this issue Dec 23, 2022 · 3 comments
Open

(EksBlueprint.builder): (nodeRole service principals error in China Region ) #558

tyyzqmf opened this issue Dec 23, 2022 · 3 comments
Labels
bug Something isn't working

Comments

@tyyzqmf
Copy link

tyyzqmf commented Dec 23, 2022

Describe the bug

create eks in china region(cn-northwest-1) use this code:

    const blueprint = blueprints.EksBlueprint.builder()
      .addOns()
      .teams()
      .build(scope, id+'-eks-blueprints-stack');

It report error:
Following required service principals [ec2.amazonaws.com.cn] were not found in the trust relationships of nodeRole arn:aws-cn****

I found the nodeRole in IAM:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Expected Behavior

create node group error

Current Behavior

4:09:59 PM | CREATE_FAILED        | AWS::EKS::Nodegroup                   | QuickstartStack2ek...sstackngng2FD218EB
Resource handler returned message: "Following required service principals [ec2.amazonaws.com.cn] were not found in the trust relation
ships of nodeRole arn:aws-cn:iam::6990*****31:role/QuickstartStack2-eks-blue-QuickstartStack2eksbluep-1RF9XFQCGDOU4 (Service: Eks, S
tatus Code: 400, Request ID: dada9c90-8b3a-4ca9-a31b-9ad6de9eb229)" (RequestToken: b9259236-dc5b-7ea3-8672-2e6fc51570fc, HandlerError
Code: InvalidRequest)

Reproduction Steps

Operate according to document: getting-started

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.51.1 (build 3d30cdb)

EKS Blueprints Version

1.5.2

Node.js Version

v16.19.0

Environment details (OS name and version, etc.)

ubuntu

Other information

No response
@tyyzqmf tyyzqmf added the bug Something isn't working label Dec 23, 2022
@shapirov103
Copy link
Collaborator

Thank @tyyzqmf, we will take a look. I assume just general testing again China regions is needed.

@DawnElixir
Copy link

Hi team, we have encountered this issue as well. I can confirm the principal of ec2 in China region is "ec2.amazonaws.com.cn". Please help fix this, otherwise eks blueprints is unable to work in China region.

@elamaran11
Copy link
Collaborator

@DawnElixir Please confirm if you still face this issue. The ticket is open for sometime.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tyyzqmf @DawnElixir @elamaran11 @shapirov103