MSK: operation error Kafka: CreateCluster, https response error StatusCode: 403 #2464
Description
Describe the bug
arn:aws:iam::aws:policy/AmazonMSKFullAccess attached with Pod Identity results in:
{
"level": "error",
"ts": "2025-05-09T05:31:01.021Z",
"msg": "Reconciler error",
"controller": "cluster",
"controllerGroup": "kafka.services.k8s.aws",
"controllerKind": "Cluster",
"Cluster": {
"name": "cluster-name",
"namespace": "ack-system"
},
"namespace": "ack-system",
"name": "x",
"reconcileID": "7680a7be-2523-4689-9268-0c04a18db412",
"error": "operation error Kafka: CreateCluster, https response error StatusCode: 403, RequestID: 3bba50f8-f56f-4d73-a50f-23eef5249e01, api error AccessDeniedException: User: xxx is not authorized to perform: kafka:CreateCluster on resource: *",
"stacktrace": "sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:347\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:294\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:255"
}
Steps to reproduce
Expected outcome
Create cluster
Environment
- Kubernetes version 1.31
- Using EKS - yes
- AWS service - MSK