We need to add start instance refresh after updating the tags after the ASG is created:
An error occurred (AccessDenied) when calling the StartInstanceRefresh operation: User: arn:aws:iam::125523088429:user/fedora-ci-testing-farm is not authorized to perform: autoscaling:StartInstanceRefresh on resource: arn:aws:autoscaling:us-east-2:125523088429:autoScalingGroup:1ea95a62-2274-4466-8f86-a3b800d2ef31:autoScalingGroupName/eks-default_node_group-20250103143008332600000003-b0ca1649-6b80-2b0c-1c29-156db1b05b83 because no identity-based policy allows the autoscaling:StartInstanceRefresh action
Ideally ASAP, it is blocking proper tagging of instances created for the cluster. See:
https://gitlab.com/testing-farm/infrastructure/-/merge_requests/781
Metadata Update from @zlopez: - Issue tagged with: aws
Metadata Update from @dkirwan: - Issue assigned to dkirwan
Added the following to the policy: fedora-ci-eks which is attached to the user fedora-ci-testing-farm. Can you please retry to see if this unblocked you?
    {
        "Effect": "Allow",
        "Action": [
            ...
            "autoscaling:StartInstanceRefresh",
            ...
        ],
        "Resource": "arn:aws:eks:*:*:*"
    },
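An added example, not part of the ticket or of the project's own code: a minimal check of whether a single identity-policy statement covers the action and resource named in an AccessDenied message, run against the error and the statement quoted above. It assumes only `*`/`?` wildcard matching on `Action` and `Resource`, and ignores conditions, explicit denies, `NotAction`/`NotResource` and any other statements in the real policy; `CONSTRUCTED_STATEMENT` and all function names are illustrative.

```python
import re

# Denial text quoted in the ticket (terminal box characters removed).
ERROR = (
    "User: arn:aws:iam::125523088429:user/fedora-ci-testing-farm is not authorized to "
    "perform: autoscaling:StartInstanceRefresh on resource: arn:aws:autoscaling:us-east-2:"
    "125523088429:autoScalingGroup:1ea95a62-2274-4466-8f86-a3b800d2ef31:autoScalingGroupName/"
    "eks-default_node_group-20250103143008332600000003-b0ca1649-6b80-2b0c-1c29-156db1b05b83 "
    "because no identity-based policy allows the autoscaling:StartInstanceRefresh action"
)

# Statement as posted in the ticket; the elided actions ("...") are left out.
TICKET_STATEMENT = {
    "Effect": "Allow",
    "Action": ["autoscaling:StartInstanceRefresh"],
    "Resource": "arn:aws:eks:*:*:*",
}

# Constructed for comparison (not from the ticket): Resource in the autoscaling namespace.
CONSTRUCTED_STATEMENT = {
    "Effect": "Allow",
    "Action": ["autoscaling:StartInstanceRefresh"],
    "Resource": "arn:aws:autoscaling:us-east-2:125523088429:autoScalingGroup:*:autoScalingGroupName/eks-*",
}

def parse_denial(message):
    """Return (action, resource_arn) from an AccessDenied message."""
    m = re.search(r"not authorized to perform: (\S+) on resource: (\S+)", message)
    if m is None:
        raise ValueError("no action/resource pair found in message")
    return m.group(1), m.group(2)

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0) is not None

def statement_allows(stmt, action, resource):
    """True if this single Allow statement covers the action on the resource."""
    if stmt.get("Effect") != "Allow" or "Action" not in stmt or "Resource" not in stmt:
        return False
    as_list = lambda v: [v] if isinstance(v, str) else list(v)
    return (any(_matches(p, action, ignore_case=True) for p in as_list(stmt["Action"]))
            and any(_matches(p, resource) for p in as_list(stmt["Resource"])))

if __name__ == "__main__":
    action, resource = parse_denial(ERROR)
    for name, stmt in (("ticket", TICKET_STATEMENT), ("constructed", CONSTRUCTED_STATEMENT)):
        print(name, statement_allows(stmt, action, resource))
```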
Metadata Update from @phsmoura: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops
@mvadkert when you get a moment, can you please check this is now resolved? Thanks.
@dkirwan thank you, testing!
Testing here: https://gitlab.com/testing-farm/infrastructure/-/merge_requests/781