0

I am running into a rather niche error that I have yet to see any discussion about online. I am trying to deploy a Mendix app on AWS EKS using the CLI and Operator in non-interactive mode using IRSA authentication. I am setting up the AWS infrastructure then applying the configuration files through the command line. My app is build on Studio Pro 9.24.26 and I am using Operator 2.20.1. The issue happens when I run the command  ./mxpc-cli apply-config --file operator.yaml I cannot post my configuration file here, but it essentially follows the official documentation with a database plan, storage plan, ingress, registry, and TLS configuration.   I am building the same app across two different networks. On one network it builds properly and my app is online. On the other network, applying the operator config results in an error "invalid aws iam role". My role has the same permissions and trust policies as the working example, and my administrator should not be blocking outside access to the environment.    ​I have tried replicating the error in the functioning environment, but changing the role name, permissions, or trust policy does not trigger that invalid error. My questions are: What does the CLI tool do exactly when one runs mxpc-cli apply-config? Is there documentation of the specific calls and commands that the tool executes? The operator attempts to create its own IAM role when IRSA is activated. Is there a way to manipulate the name or permissions of this role at creatio With more insight into how the operator works, I can determine whether the issue lies within Mendix or AWS.  

asked 2025-04-16

0 answers