Amazon EKS: Unauthorized


I installed an Amazon EKS Cluster with Terraform.
I have access to the cluster and can create resources on Kubernetes with Terraform. If I want to destroy the cluster with Terraform, it works. But if someone else (who hadn’t run the Terraform apply) wants to destroy the cluster, it doesn’t work. Only the person who created the cluster can run a Terraform command. The other users get the error message:

kubernetes_namespace.ingress_ctl: Refreshing state… [id=kube-ingress-ctl]
kubernetes_cluster_role_binding.developers: Refreshing state… [id=developers_binding]
kubernetes_config_map.aws_auth: Refreshing state… [id=kube-system/aws-auth]
kubernetes_cluster_role.developers: Refreshing state… [id=developers]
Error: Unauthorized

In EKS, there is the following error message:
client="" error="ARN is not mapped: arn:aws:iam:::user/" method=POST path=/authenticate
time="2020-09-07T07:20:53Z" level=warning msg="access denied" arn

But the users are mapped:
- system:masters
username: admins
rolearn: arn:aws:iam::993448060988:role/kubernetes-admins

And they can create resources on Kubernetes with kubectl.

Can anyone help me?
Thank you in advance.

Have you tried getting the auth token using the aws_eks_cluster_auth data source?

Here’s a link to the doc.
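A sketch of the suggestion above, added here as an example and not taken from any poster's configuration: the Kubernetes provider takes its token from `aws_eks_cluster_auth`, and that token is requested through an AWS provider alias that assumes the `kubernetes-admins` role shown in the aws-auth mapping, so the authenticator sees the mapped role rather than an individual IAM user ARN. The variable names, the `eks_admin` alias, and the premise that every operator is allowed to assume that role are assumptions.

```hcl
# Added example. Assumed names: var.region, var.cluster_name, alias "eks_admin".
variable "region" {
  type = string
}

variable "cluster_name" {
  type = string
}

# Default AWS provider: the credentials the operator runs Terraform with.
provider "aws" {
  region = var.region
}

# Aliased provider that assumes the role mapped to system:masters in aws-auth.
# Assumption: each operator's IAM identity is permitted to assume this role.
provider "aws" {
  alias  = "eks_admin"
  region = var.region

  assume_role {
    role_arn = "arn:aws:iam::993448060988:role/kubernetes-admins"
  }
}

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

# The token is issued for the identity of the provider used here, so it
# carries the assumed role's ARN instead of the operator's user ARN.
data "aws_eks_cluster_auth" "this" {
  provider = aws.eks_admin
  name     = var.cluster_name
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.this.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.this.token
  # On kubernetes provider 1.x, also set load_config_file = false so a
  # local kubeconfig is not merged into this configuration.
}
```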

I’m running into a similar issue even when using aws_eks_cluster_auth. I filed an issue here in case it’s helpful for anyone else searching for the same thing.