Unable to authenticate with Amazon Web Services

Hi,

I’m using a self-managed GitLab instance on a Linux server (Ubuntu). I recently updated GitLab to version12.7.8 and (I was using 10.x before) and I plan to use a Kubernetes cluster to run the pipelines.
I’m trying to create a new cluster on EKS (Amazon).

I’m stuck at point 6 “Authenticate with AWS”.
I have a role properly setup in AWS, I copied the role ARN, but when I click “Authenticate with AWS” I get this error:
Error: Request failed with status code 422

I have no idea how to solve this issue. Any help would be much appreciated.
Thanks in advance,

Rémi

Any suggestions here? I am now running into this trying to setup auto devops k8s EKS cluster for the first time using 12.9.2 self-hosted. created the policy with the json and the external role attached to the policy like above guide says to do but get the 422 error. Setup to use the postgres 11 database.

Unfortunately, I’m still stuck with this 422 error when trying to authenticate on AWS.

I gave up and used Google GKS instead. It worked fine after the registration was completed. It would have been better for me to use AWS since I already have an account with this hosting provider.

Ok, I managed to get it working… there is NO documentation what-so-ever that I could find to create the AWS “provisioning” USER which must be setup in admin/settings/integrations/amazon EKS. I created the policies the above docs said (provision and service roles) and then a new policy called “assume_eks_role” with the following json
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “VisualEditor0”,
“Effect”: “Allow”,
“Action”: “sts:AssumeRole”,
“Resource”: “arn:aws:iam::592688xxxx:role/gitlab_provision_role”
}
]
}

Then I created a user with apikey access only and attached the assume_eks_role to it. then when I went into create eks cluster I was able to select authenticate and have it work.

GitLab really needs to document the ADMIN portion of EKS integration… I must have watched 10 videos and EVERY one skipped how to actually setup EKS. This is the only documentation I found https://docs.gitlab.com/ee/user/project/clusters/add_eks_clusters.html and it just in passing mentions adding the assume role.

1 Like

Thanks a lot, this worked for me too!

Works! Creating a gitlab_provision_role is only required for self-hosted(on premise) GitLab instances.
TIP1: don’t forget to change the Account ID(592688xxxx) while copying the above json permission snippet.
TIP2: change gitlab_provision_role to the role you are going to use, you might also use * -> gitlab_* - give access to any roles starting with gitlab_