-
Notifications
You must be signed in to change notification settings - Fork 528
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS EFS CSI Driver follows with AssumeRole Error - cross account dynamic provisioning #1283
Comments
Hi! As you pointed out, it looks like you're failing to assume the cross account role. Did you complete step #2?
Also, your policy looks correct, |
yes, I have completed step 2 |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/kind bug
For cross account provisioning, the efs-csi-driver need IAM role to describe mount targets of the EFS file system. The driver will select an IP address from one of the mount targets on the EFS file system to perform cross-account mount.
The describe-mount-target IAM Role wasn't working when following this blog post:
https://aws.amazon.com/blogs/storage/mount-amazon-efs-file-systems-cross-account-from-amazon-eks/
What happened?
How to reproduce it (as minimally and precisely as possible)?
TF_AWSEfsCsiDriverIAMPolicy_preprod (eks account xxxx-A) :
EFSCrossAccountAccessAssumeRoleCorpPREPROD Trust relationships (efs account xxxx-B):
Amazon EFS CSI Driver version: v1.7.5-eksbuild.2
The text was updated successfully, but these errors were encountered: