This repository has been archived by the owner on Dec 15, 2022. It is now read-only.
What happened?
Crossplane is complaining that it cannot observe the external resource after creating it. To put you into context, we are running Crossplane in an EKS cluster and using the assume-role feature to provision resources cross-account. Crossplane successfully manages to create the resource, but in the events it says:
cannot run refresh: refresh failed: AccessDeniedException: User: arn:aws:sts::6**************5:assumed-role/provider-jet-aws-controller/1663822017293203786 is not authorized to perform: events:ListTargetsByRule on resource: arn:aws:events:eu-west-1:6**************5:rule/oms/o*************t because no identity-based policy allows the events:ListTargetsByRule action status code: 400, request id: 895b8bc1-2c4a-4510-b830-ea8c971739fd: : File name: main.tf.json
For some reason the creation of the resource cross account works, but afterwards it cannot observe it. The error message is weird because the cloud resource it's looking for is created in a different account than the one it's complaining about.
What environment did it happen in?
Crossplane version: 1.6.2
Cloud provider - AWS
Kubernetes version - 1.22
Kubernetes distribution - AWS EKS
Provider JET AWS version - v0.5.0-preview
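A triage helper for the AccessDeniedException quoted in this report, as an added example that is not part of the original issue or of Crossplane's code: it parses the message and reports whether the denied call was signed by the cross-account role or by some other identity, which decides which IAM policy to inspect. The account IDs, session name, rule path and the target role name `crossplane-target-role` are constructed assumptions.

```python
import re

# Matches the assumed-role AccessDenied text format shown in the report above.
DENIED_RE = re.compile(
    r"User: arn:aws:sts::(?P<caller_account>[^:]+):assumed-role/"
    r"(?P<caller_role>[^/]+)/(?P<session>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: "
    r"(?P<resource>arn:aws:[^:]*:[^:]*:(?P<resource_account>[^:]*):\S+)"
)


def triage(message, target_account, target_role):
    """Report which identity made the denied call and which policy to check."""
    m = DENIED_RE.search(message)
    if m is None:
        return None  # not an assumed-role AccessDenied message
    f = m.groupdict()
    if f["caller_account"] == target_account and f["caller_role"] == target_role:
        # The cross-account role signed the call; its policy lacks the action.
        f["verdict"] = "target-role-missing-permission"
    elif f["resource_account"] == f["caller_account"]:
        # Caller and resource ARN share an account, and the caller is not the
        # target role: the call was signed without the cross-account role.
        f["verdict"] = "call-not-made-with-target-role"
    else:
        f["verdict"] = "unexpected-caller"
    return f


# Constructed sample messages (placeholder account IDs, session and rule path).
TEMPLATE = (
    "cannot run refresh: refresh failed: AccessDeniedException: User: "
    "arn:aws:sts::{acct}:assumed-role/{role}/1234567890 is not authorized to "
    "perform: events:ListTargetsByRule on resource: "
    "arn:aws:events:eu-west-1:{acct}:rule/example-bus/example-rule because no "
    "identity-based policy allows the events:ListTargetsByRule action"
)
CONTROLLER_DENIED = TEMPLATE.format(acct="111111111111", role="provider-jet-aws-controller")
TARGET_DENIED = TEMPLATE.format(acct="222222222222", role="crossplane-target-role")

if __name__ == "__main__":
    for msg in (CONTROLLER_DENIED, TARGET_DENIED):
        r = triage(msg, "222222222222", "crossplane-target-role")
        print(r["caller_role"], r["action"], r["verdict"])
```
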