Category: AWS Problems
Problems related to AWS
ID | Title | Description | Category | Technology | Tags |
---|---|---|---|---|---|
prequel-2025-0078 (Low; Impact: 6/10; Mitigation: 5/10) | AWS LoadBalancer Security Group Failure | While reconciling a TargetGroupBinding, the AWS Load Balancer Controller inspects the ENI attached to each pod (IP mode) or worker node (instance mode). If it finds **zero or more than one** security group carrying the cluster-ownership tag `kubernetes.io/cluster/<cluster-name>: owned`, it aborts and logs: `Reconciler error … targetGroupBinding … expected exactly one securityGroup tagged …` When this happens, the controller never attaches nodes/pods to target groups, so the load balancer comes up with **0 healthy targets**. | AWS Problems | aws-load-balancer-controller | AWS, Loadbalancer, Security Group |
prequel-2025-0079 (Medium; Impact: 3/10; Mitigation: 3/10) | AWS Cluster Autoscaler Access Denied | **Cluster Autoscaler** tries to fetch node-group metadata to decide whether it can scale for a pod that has workload affinity. The call to the EKS control plane fails with: `Failed to get labels from EKS DescribeNodegroup API for nodegroup <name> … AccessDeniedException: User <ARN> is not authorized to perform: eks:DescribeNodegroup on resource: arn:aws:eks:<region>:<acct>:nodegroup/…` Once the error is hit, the Autoscaler marks the node-group **Not-Ready for scaling actions**, so pending pods remain unscheduled and scale-down decisions are skipped. | AWS Problems | aws-cluster-autoscaler | AWS, Autoscaling |