2023. 6. 2. 17:13ㆍDev/EKS
I am working to create pod on AWS EKS. Pod STATUS is Pending, CreahLoopBackOff, Error.
I hit the command.
kubectl get event -n <namespace>
3m34s Warning ProvisioningFailed persistentvolumeclaim/etcd-data-etcd-0
failed to provision volume with StorageClass "gp2": rpc error: code = Internal
desc = Could not create volume "pvc-7ddb4a8a-4346-4d02-ba80-83b3da72630d": could not create volume in EC2: UnauthorizedOperation: You are not authorized to perform this operation.
Encoded authorization failure message: O8GnSy5kjo7CJiNx9Ui-V15eRJNwnwOLWPGIwER-7JhBT_JY4FB-1NYZZkiVHJo0Zvs4ClGmrcezkdOsS-T4IIZo9IcQPPTZPzGHVKuiETg5mLjNB8TL3l1185lY_2X1qkIWqDDlpme-eP2jelhkL66O_qtIZzXWx4YzPsl18mMsxRUK8GCraXqNekPAmSELQl1wuhalTbECh3m433JaRsn_QRK6DZQSCVJFvVhLUnSU9NylWCljdBOGz3Cl8CzOOMs1DvGq5Nsc9UGqd_tbY0x7AWh8t884ujdk3p5lCEjX6E6z92c-jatpb1Ljqz6Gaa-b2FsY5sHy3ZcHDX8UKMkk6KBcQgvKeF30L_wOB4ZZwcNwTSP8wjZWLsd3PiOEmQZjut3MiMF0anvRSA2EEYmmHFNAul74qepzYaGntOc0c6lE9P4doH2TWCUshTpCJo8-v9a0fSi8Do9LBYK_65VzTSXQ8igRhNCAZZ20RQtPRGYiSl-yhnsWHmWg0UoeAFuKN816CUhdFr9TE3iOFeKIm6SXmDA_JF-pPFatEiu8KpN6XBqR__LzV2U499Mia0lQ0-1j8hFxpZfEVhf9SHF0I8SfC6yU_OTff-3waNx2OiHV1zfndHvcc9okudZK5PC535hSepoED1cwwp25Vk...
How to decode message?
aws sts decode-authorization-message --encoded-message KDmmJmkLKm...iUtfAa
Result
{
"DecodedMessage": "{\"allowed\":false,\"explicitDeny\":false,\"matchedStatements\":{\"items\":[]},\"failures\":{\"items\":[]},\"context\":{\"principal\":{\"id\":\"AROASZKW6LWYEK6RY2:i-0f857d5f36f428a2\",\"arn\":\"arn:aws:sts::111122223333:assumed-role/eksctl-host-cluster-nodegroup-ng-NodeInstanceRole-1NP941QSJS/i-0f857d5f376f428a2\"},\"action\":\"ec2:CreateVolume\",\"resource\":\"arn:aws:ec2:ap-northeast-2:111122223333:volume/*\",\"conditions\":{\"items\":[{\"key\":\"aws:Resource\",\"values\":{\"items\":[{\"value\":\"volume/*\"}]}},{\"key\":\"aws:Account\",\"values\":{\"items\":[{\"value\":\"111122223333\"}]}},{\"key\":\"ec2:AvailabilityZone\",\"values\":{\"items\":[{\"value\":\"ap-northeast-2c\"}]}},{\"key\":\"ec2:Encrypted\",\"values\":{\"items\":[{\"value\":\"false\"}]}},{\"key\":\"ec2:VolumeType\",\"values\":{\"items\":[{\"value\":\"gp2\"}]}},{\"key\":\"aws:Region\",\"values\":{\"items\":[{\"value\":\"ap-northeast-2\"}]}},{\"key\":\"aws:Service\",\"values\":{\"items\":[{\"value\":\"ec2\"}]}},{\"key\":\"ec2:VolumeID\",\"values\":{\"items\":[{\"value\":\"*\"}]}},{\"key\":\"ec2:VolumeSize\",\"values\":{\"items\":[{\"value\":\"5\"}]}},{\"key\":\"aws:Type\",\"values\":{\"items\":[{\"value\":\"volume\"}]}},{\"key\":\"ec2:Region\",\"values\":{\"items\":[{\"value\":\"ap-northeast-2\"}]}},{\"key\":\"aws:ARN\",\"values\":{\"items\":[{\"value\":\"arn:aws:ec2:ap-northeast-2:111122223333:volume/*\"}]}}]}}}"
}
Add a command to change it to a more readable format.
aws sts decode-authorization-message --encoded-message 'KDmmJmkLKm...iUtfAa' | sed 's/\\"/"/g' | sed 's/^"//' | sed 's/"$//'
'Dev > EKS' 카테고리의 다른 글
| eks alb 접속 장애문제와 해결과정 (보안그룹) (0) | 2023.06.05 |
|---|---|
| Cross Functional Team이란? (0) | 2023.06.03 |
| eksctl version upgrade For MacOS (0) | 2023.06.02 |
| AWS EKS에서 NGINX Ingress rewrite annotation 사용하기 (2) | 2023.05.01 |
| AWS EKS에 ALB를 이용해 여러 서비스 연결하기 (0) | 2023.04.22 |