This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Error 400 creating Anthos on AWS cluster (make sure service agent has role in your fleet project)

Posted on 07-29-2022 03:19 AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM 
Error: Error creating Cluster: googleapi: Error 400: could not manage Hub Membership. Make sure service agent 
"service-<project_id>@gcp-sa-gkemulticloud.iam.gserviceaccount.com" has role "gkemulticloud.serviceAgent" in your Fleet project

I tried to create an Anthos on AWS cluster but was hit with the error above. I made sure that the Anthos Multi Cloud API is enabled and checked if the Service Agent and Role exists but for some reason the Service Agent doesn't seem to exist but the Role does exist. I thought enabling the API will automatically create the service agent and role for us.

Any help on this will be much appreciated!

 

 

0 1 305
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
bkauf
Staff
Reply posted on --/--/---- --:-- AM

Hello, enabling the API does create the GCP service agent however you then need to have a matching AWS Role and Policy for that agent in AWS IAM.  You can reference the instructions on how to do this in the prerequisites here: https://cloud.google.com/anthos/clusters/docs/multi-cloud/aws/how-to/create-aws-iam-roles

Also there are terraform scripts to setup all the prereqs and deploy an Anthos on AWS cluster here:

https://cloud.google.com/anthos/clusters/docs/multi-cloud/aws/how-to/create-cluster-with-terraform

Top Labels in this Space