You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Launched aws-service-quotas-exporter into a kubernetes pod, with a serviceAccount that has the permissions described in the readme.md, but it fails with the following error:
Could not retrieve quotas and limits: AccessDeniedException: User: arn:aws:sts::[acctnum]:assumed-role/eksctl-[clustername]-addon-iamserviceacc-Role1-KKHu7zswQa1L/1716930424430393929 is not authorized to perform: lambda:GetAccountSettings on resource: * because no identity-based policy allows the lambda:GetAccountSettings action
status code: 403
I can guess readme.md hasn't been updated since you added main/servicequotas/lambda_limits.go .
Launched aws-service-quotas-exporter into a kubernetes pod, with a serviceAccount that has the permissions described in the readme.md, but it fails with the following error:
I can guess readme.md hasn't been updated since you added main/servicequotas/lambda_limits.go .
more details:
command line:
aws-service-quotas-exporter --port=9090envvars:
AWS_STS_REGIONAL_ENDPOINTS: regional
AWS_DEFAULT_REGION: us-east-1
AWS_REGION: us-east-1
AWS_ROLE_ARN: arn:aws:iam::[acctnum:role/eksctl-[clustername]-addon-iamserviceacc-Role1-KKHu7zswQa1L
AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
permissions in eksctl-[clustername]-addon-iamserviceacc-Role1-KKHu7zswQa1L include:
{ "Statement": [ { "Action": [ "autoscaling:DescribeAutoScalingGroups", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "ec2:Describe*", "servicequotas:ListServiceQuotas", "tag:GetResources" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }The text was updated successfully, but these errors were encountered: