Fix Terraform Error - Error Creating EKS Cluster - AccessDeniedException
DevOps Troubleshooting

Fix Terraform Error - Error Creating EKS Cluster - AccessDeniedException

Luca Berton
· 2 min read
Key Takeaway

How to fix AccessDeniedException when creating EKS clusters in Terraform. Configure IAM roles, service-linked roles, and VPC permissions.

Table of Contents

The Error

Error creating EKS Cluster: AccessDeniedException: User is not authorized to perform eks:CreateCluster

What Causes This

The IAM user or role running Terraform doesn’t have sufficient permissions to create EKS clusters. EKS requires specific IAM permissions for the cluster, node groups, networking, and service-linked roles.

How to Fix It

Solution 1: Add Required IAM Permissions

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eks:*",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ec2:DescribeSecurityGroups",
        "ec2:CreateSecurityGroup",
        "ec2:DeleteSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:CreateTags",
        "iam:PassRole",
        "iam:CreateServiceLinkedRole"
      ],
      "Resource": "*"
    }
  ]
}

Solution 2: Create EKS Cluster Role

resource "aws_iam_role" "eks_cluster" {
  name = "eks-cluster-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action    = "sts:AssumeRole"
      Effect    = "Allow"
      Principal = { Service = "eks.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "eks_cluster" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.eks_cluster.name
}

resource "aws_eks_cluster" "main" {
  name     = "production"
  role_arn = aws_iam_role.eks_cluster.arn
  vpc_config {
    subnet_ids = aws_subnet.private[*].id
  }
}

Solution 3: Service-Linked Role

# EKS needs a service-linked role — create if missing
aws iam create-service-linked-role --aws-service-name eks.amazonaws.com

Prevention Tips

  1. Pin provider versions — avoid surprise breaking changes
  2. Use CI/CD — catch errors before they hit production
  3. Test with terraform plan — always review before applying
  4. Keep Terraform updated — newer versions have better error messages
  5. Use terraform validate — catches syntax errors early

Hands-On Courses

Learn to avoid these errors with interactive, project-based courses:

Conclusion

This error is common and fixable. Follow the solutions above, and check our Terraform course for hands-on training that covers real-world troubleshooting scenarios.

🚀

Level Up Your Terraform Skills

Hands-on courses, books, and resources from Luca Berton

Terraform Course Udemy Course Books Cheat Sheet
More courses: Ansible Quickstart OpenClaw Agent MLflow + K8s
Luca Berton
Written by

Luca Berton

DevOps Engineer, AWS Partner, Terraform expert, and author. Creator of Ansible Pilot, Terraform Pilot, and CopyPasteLearn.

Terraform Troubleshooting DevOps Error Fix Infrastructure as Code

Related Articles

Fix Terraform Error: Local-Exec Provisioner Failed

Dec 30, 2025 · 3 min

Fix Terraform Error: Failed to Query Available Provider Packages

Dec 28, 2025 · 2 min

Fix Terraform Error: Resource Managed by Newer Provider Version

Dec 22, 2025 · 3 min

Fix Terraform Error: No Value for Required Variable

Dec 4, 2025 · 3 min