kube2iam - Invalid role: does not match annotated role
A couple of things I can think of:

It could be a problem where your node role `e2e3-XXXXXXXXXX` is not able to assume the `ui-eb-instance` role. You do have the trust relationship between the 2 roles but did you attach any permission policy to `e2e3-XXXXXXXXXX`? You can put or attach a permission policy and you can start with a policy that allows `AssumeRole` permissions for all the resources:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "sts:AssumeRole"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
```

This is also described in the kube2iam docs.

It could also be that your base role arn is not being autodiscovered with `--auto-discover-base-arn` so you could also try: `--base-role-arn=arn:aws:iam::xxxxxxx:role/`
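
An added example, not part of the original answer or of kube2iam: a simplified offline check of the two conditions the first point describes, a permission policy on the node role that allows `sts:AssumeRole` and a trust policy on the target role that names the node role. The account ID and the trust policy are constructed sample values, and the evaluation is an assumption-laden approximation that ignores Deny statements, conditions and non-role principals.

```python
import fnmatch

# Constructed sample values: placeholder account ID, role names from the question.
NODE_ROLE = "arn:aws:iam::111122223333:role/e2e3-XXXXXXXXXX"
TARGET_ROLE = "arn:aws:iam::111122223333:role/ui-eb-instance"
# Permission policy suggested in the answer above.
ALLOW_ASSUME = {"Version": "2012-10-17", "Statement": [
    {"Action": ["sts:AssumeRole"], "Effect": "Allow", "Resource": "*"}]}
# Constructed trust policy on the target role naming the node role.
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": NODE_ROLE}}]}

def _listify(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _listify(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def _grants_assume_role(stmt):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase("sts:assumerole", a.lower())
               for a in _listify(stmt.get("Action", [])))

def node_can_assume(node_policies, target_arn):
    """Does any permission policy on the node role allow sts:AssumeRole on target_arn?"""
    return any(_grants_assume_role(s) and
               any(fnmatch.fnmatchcase(target_arn, r) for r in _listify(s.get("Resource", [])))
               for p in node_policies for s in _allow_statements(p))

def target_trusts(trust_policy, node_arn):
    """Does the target role's trust policy list node_arn as an AWS principal?"""
    for s in _allow_statements(trust_policy):
        principal = s.get("Principal", {})
        aws = _listify(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if _grants_assume_role(s) and node_arn in aws:
            return True
    return False

def diagnose(node_arn, node_policies, target_arn, trust_policy):
    """Return a list of the missing halves of the AssumeRole relationship."""
    problems = []
    if not node_can_assume(node_policies, target_arn):
        problems.append("node role: no permission policy allows sts:AssumeRole on target")
    if not target_trusts(trust_policy, node_arn):
        problems.append("target role: trust policy does not name the node role")
    return problems

if __name__ == "__main__":
    print(diagnose(NODE_ROLE, [], TARGET_ROLE, TRUST))              # trust only
    print(diagnose(NODE_ROLE, [ALLOW_ASSUME], TARGET_ROLE, TRUST))  # both in place
```

A permission policy whose `Resource` is the target role's ARN instead of `*` passes the same check while granting the node role less.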