Update IAM role
Update IAM role
Cloud9 will manage IAM credentials automatically. This default configuration is currently not compatible with EKS authentication via IAM, we will need to disable this feature and use the IAM Role.
-
In the Cloud9 interface
- Select AWS Cloud9
- Select Preferences
-
In the Preferences interface
- Select AWS SETTINGS
- Turn off AWS managed temporary credentials
- Then close Preferences tab
-
After turning off AWS managed temporary credentials
- Run the following command.
rm -vf ${HOME}/.aws/credentials
- Proceed to configure
export ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
export AWS_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.region')
- Check AWS_REGION
test -n "$AWS_REGION" && echo AWS_REGION is "$AWS_REGION" || echo AWS_REGION is not set
- Save to bash_profile
echo "export ACCOUNT_ID=${ACCOUNT_ID}" | tee -a ~/.bash_profile
echo "export AWS_REGION=${AWS_REGION}" | tee -a ~/.bash_profile
aws configure set default.region ${AWS_REGION}
aws configure get default.region
- Authentication IAM role
aws sts get-caller-identity --query Arn | grep eks-blueprints-cdk-workshop-admin -q && echo "IAM role valid" || echo "IAM role NOT valid"
If the result is IAM role NOT valid, please check the previous steps to see if the IAM role information you created and assigned to Cloud9 Workspace is correct.