Description of problem:
If an OCP cluster attempts to create a Spot instance on AWS, which has not already had a spot instance launched in it, then it will fail with the following error:

```
Error launching instance: AuthFailure.ServiceLinkedRoleCreationNotPermitted: The provided credentials do not have permission to create the service-linked role for EC2 Spot Instances.
```

Version-Release number of selected component (if applicable):
4.5

How reproducible:
Easily, given a new AWS account can be created.
Alternatively, I believe deleting the service linked role would recreate this issue (AWSServiceRoleForEC2Spot).

Steps to Reproduce:
1. Create a brand new AWS account
2. Install an OCP 4.5 cluster
3. Attempt to create a spot instance

Actual results:
Machine controller logs error when attempting to create the spot instances

Expected results:
Spot instances are created without issue

Additional info:
Verified clusterversion: 4.5.0-0.nightly-2020-05-10-231314

```
$ oc edit CredentialsRequest -n openshift-cloud-credential-operator openshift-machine-api-aws
statementEntries:
- action:
  - iam:CreateServiceLinkedRole
```

I don't have a new AWS account, but I created a spot instance and didn't meet this error. Moving it to verified; if I meet this problem again, I will reopen it.
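An added example, not part of the bug report or of OpenShift's code: a small check that a CredentialsRequest's statementEntries list the action the verification comment above looks for. The sample entries, the function names and the treatment of a missing effect as Allow are assumptions made for illustration; only effect and action are evaluated.

```python
from fnmatch import fnmatchcase

REQUIRED_ACTION = "iam:CreateServiceLinkedRole"  # the action named on this page


def _as_list(value):
    """IAM-style fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def action_granted(statement_entries, action=REQUIRED_ACTION):
    """Return 'allow', 'deny' or 'missing' for `action`.

    Resource and condition scoping are not evaluated, so 'allow' means the
    action is listed, not that it is effective for every resource.
    """
    verdict = "missing"
    for entry in statement_entries:
        if not any(_matches(p, action) for p in _as_list(entry.get("action"))):
            continue
        # Assumption: an entry without an explicit effect is treated as Allow.
        if entry.get("effect", "Allow").lower() == "deny":
            return "deny"  # an explicit deny overrides any allow
        verdict = "allow"
    return verdict


# Constructed samples, not copied from a real cluster.
BEFORE = [{"effect": "Allow", "resource": "*",
           "action": ["ec2:RunInstances", "ec2:DescribeInstances"]}]
AFTER = BEFORE + [{"effect": "Allow", "resource": "*",
                   "action": ["iam:CreateServiceLinkedRole"]}]
WILDCARD = [{"effect": "Allow", "resource": "*", "action": "iam:Create*"}]
DENIED = AFTER + [{"effect": "Deny", "resource": "*", "action": ["iam:*"]}]

if __name__ == "__main__":
    for name, entries in [("before", BEFORE), ("after", AFTER),
                          ("wildcard", WILDCARD), ("denied", DENIED)]:
        print(f"{name}: {REQUIRED_ACTION} -> {action_granted(entries)}")
```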
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409