Create EKS Cluster with Role Assume

When creating an EKS cluster you need to specify a role that is automatically granted system:masters permissions in the cluster’s RBAC configuration. The role has to be created in the account where EKS will be created. If, like me, you are using Assume Role from another account in order to avoid creating a local account in the AWS account, just create the role as you would normally do and then:

Trust Relationship

The policy JSON has to be edited like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<account:/role>"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
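
Since this role ends up with system:masters, it is worth checking the trust policy before attaching it. The following is an added example, not part of the original post: it audits a trust policy for the two principals shown above and flags anything broader. The account ID `111122223333`, the role name `eks-admin` and the function names are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the trust policy above with a placeholder account ID and role name.
SAMPLE_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "eks.amazonaws.com"}, "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/eks-admin"}, "Action": "sts:AssumeRole"}
  ]
}"""

ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, expected_role_arn):
    """Return findings; an empty list means only EKS and the expected role are trusted.
    Limitation: Condition blocks and NotPrincipal are not evaluated."""
    findings = []
    services, aws_principals = set(), set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard form of Principal
            principal = {"AWS": "*"}
        services.update(_as_list(principal.get("Service", [])))
        aws_principals.update(_as_list(principal.get("AWS", [])))
    if "eks.amazonaws.com" not in services:
        findings.append("eks.amazonaws.com is not trusted: EKS cannot assume the role")
    for arn in sorted(aws_principals):
        if arn == "*":
            findings.append("wildcard principal: any AWS identity may assume the role")
        elif not ROLE_ARN.match(arn):
            findings.append(f"{arn}: not a role ARN, broader than the single role intended")
        elif arn != expected_role_arn:
            findings.append(f"{arn}: unexpected role is trusted")
    if expected_role_arn not in aws_principals:
        findings.append(f"{expected_role_arn} is missing from the trust policy")
    return findings
```

An empty result for `audit_trust_policy(SAMPLE_TRUST_POLICY, "arn:aws:iam::111122223333:role/eks-admin")` means the policy trusts exactly the EKS service and the one cross-account role.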