Roles and permission errors
Red Hat® OpenShift® Service on AWS uses the AWS Security Token Service (STS) to validate the credentials of different users of the service. You may receive an error such as:
Failed to create cluster: The sts_user_role is not linked to account '1oNl'. Please create a user role and link it to the account.
You can look at the troubleshooting documentation for IAM roles to create a user role and link it to your account.
- Check your account’s user-role by running the `rosa list ocm-role` and `rosa list user-role` commands in the command line.
- If you have Red Hat Organization Administrator privileges and need to create account-wide roles, follow these steps in the CLI to create your permissions.
- To create user roles with either basic or admin privileges, follow these steps in the CLI to create your permissions.
- Once your roles have been set, you should be able to link your AWS account in the ROSA wizard in the Console or via the command line.