eksctl without IAM:CreateRole permissions

[ecpullen]

Discussed in #5423

^{Originally posted by ecpullen June 14, 2022}
I am trying to setup eksctl for cluster creation using existing service roles and instance profiles.

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name:  eksctl-test
  region: us-west-2

iam:
  serviceRoleArn: arn:aws:iam::***************:role/*********************

Whenever I use eksctl create cluster it errors with.

AWS::IAM::Role/ServiceRole: CREATE_FAILED – "API: iam:CreateRole User: arn:aws:sts::*********:assumed-role/********** is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::*********:role/eksctl-<cluster_name>-cluster-ServiceRole-10FMX3LU9UVU because no identity-based policy allows the iam:CreateRole action"

Is it possible to use eksctl without creating a role?

[github-actions]

Hello ecpullen 👋 Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-3 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website

[cPu1]

iam:
  serviceRoleArn: arn:aws:iam::***************:role/*********************

The casing for the field is incorrect, it should be serviceRoleARN. Fields in ClusterConfig are case-sensitive.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[cPu1]

iam:
  serviceRoleArn: arn:aws:iam::***************:role/*********************

The casing for the field is incorrect, it should be serviceRoleARN. Fields in ClusterConfig are case-sensitive.

@ecpullen, this should work. Please feel free to open a new issue if you have more questions.