I am currently playing around with AWS EKS But I always get error: You must be logged in to the server (Unauthorized) when trying to run kubectl cluster-info command.

I have read a lot of AWS documentation and look at lots of similar issues who face the same problem. Unfortunately, none of them resolves my problem.

So, this is what I did

1. install all required packages
2. create a user to access aws-cli name crop-portal
3. create a role for EKS name crop-cluster
4. create EKS cluster via AWS console with the role crop-cluster namecrop-cluster(cluster and role have the same name)
5. run AWS configure for user crop-portal
6. run aws eks update-kubeconfig --name crop-cluster to update the kube config
7. run aws sts assume-role --role-arn crop-cluster-arn --role-session-name eks-access
8. copy accessKey, secreyKey and sessionToken into env variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN accordingly
9. run aws sts get-caller-indentity and now the result says it used assume role already

{
    "UserId": "AROAXWZGX5HOBZPVGAUKC:botocore-session-1572604810",
    "Account": "529972849116",
    "Arn": "arn:aws:sts::529972849116:assumed-role/crop-cluster/botocore-session-1572604810"
}

10. run kubectl cluster and always get error: You must be logged in to the server (Unauthorized)

when I run aws-iam-authenticator token -i crop-cluster, it gave me the token and when I run aws-iam-authenticator verify -t token -i crop-portal, it also passed

&{ARN:arn:aws:sts::529972849116:assumed-role/crop-cluster/1572605554603576170 CanonicalARN:arn:aws:iam::529972849116:role/crop-cluster AccountID:529972849116 UserID:AROAXWZGX5HOBZPVGAUKC SessionName:1572605554603576170}

I don't know what is wrong or what I miss. I try so hard to get it works but I really don't know what to do after this. Some people suggest creating a cluster with awscli instead of GUI. I tried both methods and none of them work. Either creating with awscli or GUI is the same for me.

Please someone helps :(