Setting up AWS EKS - Don't know username and password for config

This issue occurs if your user configuration isn't working in your kubeconfig, or if you are on a version of kubectl less than v1.10

I was getting the same error.

I created the EKS cluster via the aws console, however when I followed the steps in the docs to configure my kubeconfig, I got the same error:

$ kubectl get svcPlease enter Username: JessicaGPlease enter Password: ****************Error from server (Forbidden): services is forbidden: User "system:anonymous" cannot list services in the namespace "default"

This is what ended up being my problem:

In the AWS Getting Started guide in the section "Step 1: Create Your Amazon EKS Cluster: To create your cluster with the console", it says this:

"You must use IAM user credentials for this step, not root credentials. If you create your Amazon EKS cluster using root credentials, you cannot authenticate to the cluster."

It turned out that I had created the EKS cluster with my root credentials, however I was trying to authenticate with my admin user JessicaG.

My solution:

I re-created the cluster with the admin IAM user JessicaG. To do so here are the steps I took:

1) I configured the default user in my local file ~/.aws/credentials with the user's access keys

$ cat ~/.aws/credentials[default]aws_access_key_id = <JessicaG access key>aws_secret_access_key = <JessicaG secret key>

2) Created an eks cluster from the command line:

aws eks create-cluster --name eksdemo --role-arn <eksRole> --resources-vpc-config subnetIds=<subnets>,securityGroupIds=<securityGrps>

3) Configured kubeconfig:

apiVersion: v1clusters:- cluster:    server: REDACTED    certificate-authority-data: REDACTED  name: eksdemocontexts:- context:    cluster: eksdemo    user: aws-jessicag  name: eksdemocurrent-context: eksdemokind: Configpreferences: {}users:- name: aws-jessicag  user:    exec:      apiVersion: client.authentication.k8s.io/v1alpha1      command: heptio-authenticator-aws      args:        - "token"        - "-i"        - "eksdemo"

That solved this problem for me.

Make sure you have stable version of kubectl install

curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl

Also if you getting access denied error then make sure you are using the same IAM user access for kubectl which you used for creating EKS cluster.

When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster is added to the Kubernetes RBAC authorization table as the administrator (with system:master permissions. Initially, only that IAM user can make calls to the Kubernetes API server using kubectl.If you use the console to create the cluster, you must ensure that the same IAM user credentials are in the AWS SDK credential chain when you are running kubectl commands on your cluster.