Hi Members,
Here is the situation. I am installing Apigee hybrid v1.14 on an AWS EKS cluster. I am using workload identity federation to authenticate against GCP to allow the EKS cluster to communicate with the Apigee management plane. I have created an apigee-non-prod service account and allowed EKS to impersonate that service account. After installing apigee-env I see a lot of permission denied errors coming up in the service account logs in GCP. Here are the details below. The Apigee environment is not coming up.
message: "Permission 'apigee.organizations.get' denied on resource 'organizations/prj-d
"Permission 'apigee.instances.reportStatus' denied on resource 'organizations/
"Permission 'apigee.environments.get' denied on resource 'organizations/prj
Could you please advise what is going wrong with my installation? I have enabled control plane access with the service account.
Kind Regards
Arijit
This is solved. Basically, the service account didn't have permission, as the roles Apigee Connect Agent, Apigee Analytics Agent, Apigee Synchronizer Manager and Apigee Runtime Agent were missing. This is due to the fact that the same service account was deleted and recreated. Adding the roles to the allow policy resolved the issue.
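A check for the situation in the accepted answer, added here as an example and not part of the original thread: it reads a project allow policy in the JSON form printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports which of the four roles are missing for the live service account, and which are still bound only to a `deleted:serviceAccount:...?uid=` member left over from the earlier account. The role IDs are my mapping of the role names in the answer, and the project, email and policy below are constructed.

```python
import json
import sys

# Assumed role IDs for the four role names given in the answer.
REQUIRED_ROLES = {
    "roles/apigeeconnect.Agent": "Apigee Connect Agent",
    "roles/apigee.analyticsAgent": "Apigee Analytics Agent",
    "roles/apigee.synchronizerManager": "Apigee Synchronizer Manager",
    "roles/apigee.runtimeAgent": "Apigee Runtime Agent",
}

def audit_policy(policy, sa_email):
    """Return (missing, stale): required roles not granted to the live account,
    and roles still bound to a deleted account that had the same email."""
    live = f"serviceAccount:{sa_email}"
    # IAM keeps bindings of a deleted account under this prefix; a recreated
    # account with the same email has a new unique ID and does not inherit them.
    stale_prefix = f"deleted:serviceAccount:{sa_email}?uid="
    granted, stale = set(), set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member == live:
                granted.add(binding["role"])
            elif member.startswith(stale_prefix):
                stale.add(binding["role"])
    missing = sorted(r for r in REQUIRED_ROLES if r not in granted)
    return missing, sorted(stale)

# Constructed sample: placeholder project and service account email.
SA = "apigee-non-prod@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/apigee.analyticsAgent",
     "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/apigee.runtimeAgent",
     "members": [f"deleted:serviceAccount:{SA}?uid=100000000000000000001"]},
    {"role": "roles/apigee.synchronizerManager",
     "members": [f"deleted:serviceAccount:{SA}?uid=100000000000000000001"]},
]}

if __name__ == "__main__":
    # Usage: script.py policy.json SA_EMAIL  (no arguments: use the sample)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as fh:
            policy, email = json.load(fh), sys.argv[2]
    else:
        policy, email = SAMPLE_POLICY, SA
    missing, stale = audit_policy(policy, email)
    for role in missing:
        note = " (bound only to the deleted account)" if role in stale else ""
        print(f"MISSING {REQUIRED_ROLES[role]} [{role}]{note}")
```

A role reported as bound only to the deleted account has to be granted again to the recreated account; the old binding does not apply to it.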