
EKS Pod Role is not respected while connecting to SQS using cross account role #3172

@ramanuja1234

Description


Upcoming End-of-Support

  • I acknowledge the upcoming end-of-support for AWS SDK for Java v1 was announced, and migration to AWS SDK for Java v2 is recommended.

Describe the bug

A cross account role is assigned to the POD to connect to SQS in a different account. While starting the POD in EKS, the POD is looking for a role to be present on the EC2 instance, but the cross account role is present on the POD.

Below is the error I am getting while running the POD:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'simpleMessageListenerContainer' defined in class path resource [org/springframework/cloud/aws/messaging/config/annotation/SqsConfiguration.class]: Invocation of init method failed; nested exception is com.amazonaws.services.sqs.model.AmazonSQSException: User: arn:aws:sts:::assumed-role// is not authorized to perform: sqs:getqueueattributes on resource: arn:aws:sqs:us-east-1:: because no resource-based policy allows the sqs:getqueueattributes action (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Proxy: null)

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

The POD should start with the assume role that is assigned rather than looking for the assume role to be present on EC2.

Current Behavior

The POD is not starting since the assume role is not assigned to EC2.

Reproduction Steps

Assign a service role to a POD along with an assume role for cross account access to SQS and try connecting using the AWS SDK. It gives the error mentioned in the description.

Possible Solution

No response

Additional Information/Context

No response

AWS Java SDK version used

software.amazon.awssdk:sqs:2.20.0

JDK version used

8

Operating System and version

Linux
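The report above leaves the credential chain to the SDK default, which on EKS can resolve to the node's instance profile instead of the pod's service-account role. The following is an added example (not code from the reporter or from the AWS SDK project) that pins the chain explicitly for AWS SDK for Java v2: the pod's IRSA web-identity credentials are used to call STS, STS assumes the cross-account role, and only that role is handed to the SQS client. It assumes IRSA is configured (the SDK reads `AWS_WEB_IDENTITY_TOKEN_FILE` and `AWS_ROLE_ARN` from the pod environment), that the `software.amazon.awssdk:sts` module is on the classpath, and hypothetical names for the role ARN and session.

```java
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sqs.SqsClient;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

public final class CrossAccountSqsClientFactory {

    // Builds an SQS client whose credentials come from the cross-account role,
    // reached from the pod's own IRSA role rather than the instance profile.
    public static SqsClient create(Region region, String crossAccountRoleArn) {
        // Step 1: pod identity only. This provider reads the projected service-account
        // token from the pod environment and never consults the EC2 instance metadata.
        WebIdentityTokenFileCredentialsProvider podRole =
                WebIdentityTokenFileCredentialsProvider.create();

        // Step 2: an STS client that authenticates as the pod role.
        StsClient sts = StsClient.builder()
                .region(region)
                .credentialsProvider(podRole)
                .build();

        // Step 3: assume the cross-account role via that STS client; the provider
        // refreshes the temporary credentials automatically before they expire.
        AwsCredentialsProvider crossAccount = StsAssumeRoleCredentialsProvider.builder()
                .stsClient(sts)
                .refreshRequest(AssumeRoleRequest.builder()
                        .roleArn(crossAccountRoleArn)              // hypothetical ARN supplied by caller
                        .roleSessionName("eks-pod-sqs-session")    // hypothetical session name
                        .build())
                .build();

        // Step 4: the SQS client sees only the cross-account credentials.
        return SqsClient.builder()
                .region(region)
                .credentialsProvider(crossAccount)
                .build();
    }

    // Diagnostic: returns the ARN the given provider actually authenticates as,
    // so a pod can log whether it is running as the IRSA role or the node role.
    public static String callerArn(Region region, AwsCredentialsProvider provider) {
        try (StsClient sts = StsClient.builder()
                .region(region).credentialsProvider(provider).build()) {
            return sts.getCallerIdentity().arn();
        }
    }
}
```

If the 403 persists with the correct principal in the `User:` field, the remaining cause is the one named in the quoted error itself: the queue in the target account has no resource-based policy granting `sqs:GetQueueAttributes` to the assumed role, which is required for any cross-account SQS call.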
