Error: checking AWS STS access – cannot get role ARN for current session: MissingEndpoint: 'Endpoint' configuration is required for this service

Question

I created a cluster.yaml file which contains the below information:

---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: eks-litmus-demo
  region: ${AWS_REGION}
  version: "1.21"
managedNodeGroups:
  - instanceType: m5.large
    amiFamily: AmazonLinux2
    name: eks-litmus-demo-ng
    desiredCapacity: 2
    minSize: 2
    maxSize: 4
EOF

When i run $ eksctl create cluster -f cluster.yaml to create the cluster through my terminal, I get the below error:

Error: checking AWS STS access – cannot get role ARN for current session: MissingEndpoint: 'Endpoint' configuration is required for this service

How can I resolve this? Please help!!!

Note: I have the global and regional endpoints under STS set to "valid in all AWS regions".

Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. — Community, Mar 09 '22 at 12:52

score 4 · Answer 1 · answered Jun 16 '22 at 03:57

4

In my case, it was a typo in the region. I had us-east1 as the value. When it is corrected to us-east-1, the error disappeared. So it is worth checking if there are typos in any of the fields.

answered Jun 16 '22 at 03:57

Sidharth J

97
4

score 3 · Answer 2 · answered Jul 24 '22 at 07:15

3

mention --profile if you use any aws profile other than default

eksctl create cluster -f cluster.yaml --profile <profile-name>

answered Jul 24 '22 at 07:15

Rafaf Tahsin

7,652
4
28
45

score 1 · Answer 3 · answered Dec 07 '22 at 20:09

My SSO session token had expired:

aws sts get-caller-identity --profile default

The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.

Then I needed to refresh my SSO session token:

aws sso login

Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.us-east-2.amazonaws.com/

Then enter the code:

XXXX-XXXX
Successfully logged into Start URL: https://XXXX.awsapps.com/start

I've forgoten to add the --profile {my-profile} – RicHincapie Dec 16 '22 at 20:52 — RicHincapie, Dec 16 '22 at 20:52

score 0 · Answer 4 · answered Mar 14 '22 at 14:53

Error: checking AWS STS access – cannot get role ARN for current session:

According to this, I think its not able to get the role (in your case, cluster creator's role) which is responsible to create the cluster. Create an IAM user with appropriate role. Attach necessary policies to that role to create the EKS cluster.
Then you can use aws configure command to add the AWS Access Key ID, AWS Secret Access Key, and Default region name.

[Make sure that the user has the appropriate access to create and access the eks cluster in your aws account. You can use aws cli to verify if you have the appropriate access]

score 0 · Answer 5 · answered Sep 22 '22 at 13:49

0

It is important to configure the default profile for AWS CLI correctly on the command line using

set AWS_ACCESS_KEY_ID <your_access_key>

set AWS_SECRET_ACCESS_KEY <your_secret_key>

answered Sep 22 '22 at 13:49

Pirate

1

Error: checking AWS STS access – cannot get role ARN for current session: MissingEndpoint: 'Endpoint' configuration is required for this service

5 Answers5