**Help improve this page**
To contribute to this user guide, choose the **Edit this page on GitHub** link that is located in the right pane of every page.
# Create an Amazon EKS add-on
Amazon EKS add-ons are add-on software for Amazon EKS clusters. All Amazon EKS add-ons:
+ Include the latest security patches and bug fixes.
+ Are validated by AWS to work with Amazon EKS.
+ Reduce the amount of work required to manage the add-on software.
You can create an Amazon EKS add-on using `eksctl`, the AWS Management Console, or the AWS CLI. If the add-on requires an IAM role, see the details for the specific add-on in [Amazon EKS add-ons](eks-add-ons.md) for details about creating the role.
## Prerequisites
Complete the following before you create an add-on:
+ The cluster must exist before you create an add-on for it. For more information, see [Create an Amazon EKS cluster](create-cluster.md).
+ Check if your add-on requires an IAM role. For more information, see [Verify Amazon EKS add-on version compatibility with a cluster](addon-compat.md).
+ Verify that the Amazon EKS add-on version is compatible with your cluster. For more information, see [Verify Amazon EKS add-on version compatibility with a cluster](addon-compat.md).
+ Verify that version 0.190.0 or later of the `eksctl` command line tool installed on your computer or AWS CloudShell. For more information, see [Installation](https://eksctl.io/installation/) on the `eksctl` website.
## Procedure
You can create an Amazon EKS add-on using `eksctl`, the AWS Management Console, or the AWS CLI. If the add-on requires an IAM role, see the details for the specific add-on in [Available Amazon EKS add-ons from AWS](workloads-add-ons-available-eks.md) for details about creating the role.
## Create add-on (eksctl)
1. View the names of add-ons available for a cluster version. Replace *1.35* with the version of your cluster.
```
eksctl utils describe-addon-versions --kubernetes-version 1.35 | grep AddonName
```
An example output is as follows.
```
"AddonName": "aws-ebs-csi-driver",
"AddonName": "coredns",
"AddonName": "kube-proxy",
"AddonName": "vpc-cni",
"AddonName": "adot",
"AddonName": "dynatrace_dynatrace-operator",
"AddonName": "upbound_universal-crossplane",
"AddonName": "teleport_teleport",
"AddonName": "factorhouse_kpow",
[...]
```
1. View the versions available for the add-on that you would like to create. Replace *1.35* with the version of your cluster. Replace *name-of-addon* with the name of the add-on you want to view the versions for. The name must be one of the names returned in the previous step.
```
eksctl utils describe-addon-versions --kubernetes-version 1.35 --name name-of-addon | grep AddonVersion
```
The following output is an example of what is returned for the add-on named `vpc-cni`. You can see that the add-on has several available versions.
```
"AddonVersions": [
"AddonVersion": "v1.12.0-eksbuild.1",
"AddonVersion": "v1.11.4-eksbuild.1",
"AddonVersion": "v1.10.4-eksbuild.1",
"AddonVersion": "v1.9.3-eksbuild.1",
```
1. Determine whether the add-on you want to create is an Amazon EKS or AWS Marketplace add-on. The AWS Marketplace has third party add-ons that require you to complete additional steps to create the add-on.
```
eksctl utils describe-addon-versions --kubernetes-version 1.35 --name name-of-addon | grep ProductUrl
```
If no output is returned, then the add-on is an Amazon EKS. If output is returned, then the add-on is an AWS Marketplace add-on. The following output is for an add-on named `teleport_teleport`.
```
"ProductUrl": "https://aws.amazon.com/marketplace/pp?sku=3bda70bb-566f-4976-806c-f96faef18b26"
```
You can learn more about the add-on in the AWS Marketplace with the returned URL. If the add-on requires a subscription, you can subscribe to the add-on through the AWS Marketplace. If you’re going to create an add-on from the AWS Marketplace, then the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-principal) that you’re using to create the add-on must have permission to create the [AWSServiceRoleForAWSLicenseManagerRole](https://docs.aws.amazon.com/license-manager/latest/userguide/license-manager-role-core.html) service-linked role. For more information about assigning permissions to an IAM entity, see [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the IAM User Guide.
1. Create an Amazon EKS add-on. Copy the command and replace the *user-data* as follows:
+ Replace *my-cluster* with the name of your cluster.
+ Replace *name-of-addon* with the name of the add-on that you want to create.
+ If you want a version of the add-on that’s earlier than the latest version, then replace *latest* with the version number returned in the output of a previous step that you want to use.
+ If the add-on uses a service account role, replace *111122223333* with your account ID and replace *role-name* with the name of the role. For instructions on creating a role for your service account, see the documentation for the add-on that you’re creating. For a list of add-ons, see [AWS add-ons](workloads-add-ons-available-eks.md). Specifying a service account role requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one for your cluster, or to create one, see [Create an IAM OIDC provider for your cluster](enable-iam-roles-for-service-accounts.md).
If the add-on doesn’t use a service account role, delete `--service-account-role-arnarn:aws:iam::111122223333:role/role-name`.
+ This example command overwrites the configuration of any existing self-managed version of the add-on, if there is one. If you don’t want to overwrite the configuration of an existing self-managed add-on, remove the *--force* option. If you remove the option, and the Amazon EKS add-on needs to overwrite the configuration of an existing self-managed add-on, then creation of the Amazon EKS add-on fails with an error message to help you resolve the conflict. Before specifying this option, make sure that the Amazon EKS add-on doesn’t manage settings that you need to manage, because those settings are overwritten with this option.
```
eksctl create addon --cluster my-cluster --name name-of-addon --version latest \
--service-account-role-arn arn:aws:iam::111122223333:role/role-name --force
```
You can see a list of all available options for the command.
```
eksctl create addon --help
```
For more information about available options see [Addons](https://eksctl.io/usage/addons/) in the `eksctl` documentation.
## Create add-on (AWS Console)
1. Open the [Amazon EKS console](https://console.aws.amazon.com/eks/home#/clusters).
1. In the left navigation pane, choose **Clusters**.
1. Choose the name of the cluster that you want to create the add-on for.
1. Choose the **Add-ons** tab.
1. Choose **Get more add-ons**.
1. On the **Select add-ons** page, choose the add-ons that you want to add to your cluster. You can add as many **Amazon EKS add-ons** and ** AWS Marketplace add-ons** as you require.
For ** AWS Marketplace** add-ons the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-principal) that you’re using to create the add-on must have permissions to read entitlements for the add-on from the AWS LicenseManager. AWS LicenseManager requires [AWSServiceRoleForAWSLicenseManagerRole](https://docs.aws.amazon.com/license-manager/latest/userguide/license-manager-role-core.html) service-linked role (SLR) that allows AWS resources to manage licenses on your behalf. The SLR is a one time requirement, per account, and you will not have to create separate SLR’s for each add-on nor each cluster. For more information about assigning permissions to an [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-principal) see [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the IAM User Guide.
If the ** AWS Marketplace add-ons** that you want to install aren’t listed, you can click the page numbering to view additional page results or search in the search box. In the **Filtering options**, you can also filter by **category**, **vendor**, or **pricing model** and then choose the add-ons from the search results. Once you’ve selected the add-ons that you want to install, choose **Next**.
1. On the **Configure selected add-ons settings** page, do the following:
1. Choose **View subscription options** to open the **Subscription options** form. Review the **Pricing details** and **Legal** sections, then choose the **Subscribe** button to continue.
1. For **Version**, choose the version that you want to install. We recommend the version marked **latest**, unless the individual add-on that you’re creating recommends a different version. To determine whether an add-on has a recommended version, see the documentation for the add-on that you’re creating. For a list of add-ons, see [AWS add-ons](workloads-add-ons-available-eks.md).
1. You have two options for configuring roles for add-ons: EKS Pod Identities IAM role and IAM roles for service accounts (IRSA). Follow the appropriate step below for your preferred option. If all of the add-ons that you selected have **Requires subscription** under **Status**, choose **Next**. You can’t [configure those add-ons](updating-an-add-on.md) further until you’ve subscribed to them after your cluster is created. For the add-ons that don’t have **Requires subscription** under **Status**, do the following:
1. For **Pod Identity IAM role for service account**, you can either use an existing EKS Pod Identity IAM role or create one using the **Create Recommended Role** button. This field will only provide options with the appropriate trust policy. If there’s no role to select, then you don’t have an existing role with a matching trust policy. To configure an EKS Pod Identity IAM role for service accounts of the selected add-on, choose **Create recommended role**. The role creation wizard opens in a separate window. The wizard will automatically populate the role information as follows. For each add-on where you want to create the EKS Pod Identity IAM role, complete the steps in the IAM wizard as follows.
+ On the **Select trusted entity** step, the AWS service option for **EKS** and the use case for **EKS - Pod Identity** are preselected, and the appropriate trust policy will be automatically populated for the add-on. For example, the role will be created with the appropriate trust policy containing the pods.eks.amazonaws.com IAM Principal as detailed in [Benefits of EKS Pod Identities](pod-identities.md#pod-id-benefits). Choose **Next**.
+ On the **Add permissions** step, the appropriate managed policy for the role policy is preselected for the add-on. For example, for the Amazon VPC CNI add-on, the role will be created with the managed policy `AmazonEKS_CNI_Policy` as detailed in [Amazon VPC CNI plugin for Kubernetes](workloads-add-ons-available-eks.md#add-ons-vpc-cni). Choose **Next**.
+ On the **Name, review, and create** step, in **Role name**, the default role name is automatically populated for the add-on. For example, for the **Amazon VPC CNI** add-on, the role will be created with the name **AmazonEKSPodIdentityAmazonVPCCNIRole**. In **Description**, the default description is automatically populated with the appropriate description for the add-on. For example, for the Amazon VPC CNI add-on, the role will be created with the description **Allows pods running in Amazon EKS cluster** to access AWS resources. In **Trust policy**, view the populated trust policy for the add-on. Choose **Create role**.
NOTE: Retaining the default role name enables EKS to pre-select the role for add-ons in new clusters or when adding add-ons to existing clusters. You can still override this name and the role will be available for the add-on across your clusters, but the role will need to be manually selected from the drop down.
1. For add-ons that do not have **Requires subscription** under **Status** and where you want to configure roles using IRSA, see the documentation for the add-on that you’re creating to create an IAM policy and attach it to a role. For a list of add-ons, see [AWS add-ons](workloads-add-ons-available-eks.md). Selecting an IAM role requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one for your cluster, or to create one, see [Create an IAM OIDC provider for your cluster](enable-iam-roles-for-service-accounts.md).
1. Choose **Optional configuration settings**.
1. If the add-on requires configuration, enter it in the **Configuration values** box. To determine whether the add-on requires configuration information, see the documentation for the add-on that you’re creating. For a list of add-ons, see [AWS add-ons](workloads-add-ons-available-eks.md).
1. Choose one of the available options for **Conflict resolution method**. If you choose **Override** for the **Conflict resolution method**, one or more of the settings for the existing add-on can be overwritten with the Amazon EKS add-on settings. If you don’t enable this option and there’s a conflict with your existing settings, the operation fails. You can use the resulting error message to troubleshoot the conflict. Before choosing this option, make sure that the Amazon EKS add-on doesn’t manage settings that you need to self-manage.
1. If you want to install the add-on into a specific namespace, enter it in the **Namespace** field. For AWS and community add-ons, you can define a custom Kubernetes namespace to install the add-on into. For more information, see [Custom namespace for add-ons](eks-add-ons.md#custom-namespace).
1. Choose **Next**.
1. On the **Review and add** page, choose **Create**. After the add-on installation is complete, you see your installed add-ons.
1. If any of the add-ons that you installed require a subscription, complete the following steps:
1. Choose the **Subscribe** button in the lower right corner for the add-on. You’re taken to the page for the add-on in the AWS Marketplace. Read the information about the add-on such as its **Product Overview** and **Pricing Information**.
1. Select the **Continue to Subscribe** button on the top right of the add-on page.
1. Read through the **Terms and Conditions**. If you agree to them, choose **Accept Terms**. It may take several minutes to process the subscription. While the subscription is processing, the **Return to Amazon EKS Console** button is grayed out.
1. Once the subscription has finished processing, the **Return to Amazon EKS Console** button is no longer grayed out. Choose the button to go back to the Amazon EKS console **Add-ons** tab for your cluster.
1. For the add-on that you subscribed to, choose **Remove and reinstall** and then choose **Reinstall add-on**. Installation of the add-on can take several minutes. When Installation is complete, you can configure the add-on.
## Create add-on (AWS CLI)
1. You need version `2.12.3` or later or version `1.27.160` or later of the AWS Command Line Interface (AWS CLI) installed and configured on your device or AWS CloudShell. To check your current version, use `aws --version | cut -d / -f2 | cut -d ' ' -f1`. Package managers such as `yum`, `apt-get`, or Homebrew for macOS are often several versions behind the latest version of the AWS CLI. To install the latest version, see [Installing](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) and [Quick configuration with aws configure](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config) in the * AWS Command Line Interface User Guide*. The AWS CLI version that is installed in AWS CloudShell might also be several versions behind the latest version. To update it, see [Installing AWS CLI to your home directory](https://docs.aws.amazon.com/cloudshell/latest/userguide/vm-specs.html#install-cli-software) in the * AWS CloudShell User Guide*.
1. Determine which add-ons are available. You can see all available add-ons, their type, and their publisher. You can also see the URL for add-ons that are available through the AWS Marketplace. Replace *1.35* with the version of your cluster.
```
aws eks describe-addon-versions --kubernetes-version 1.35 \
--query 'addons[].{MarketplaceProductUrl: marketplaceInformation.productUrl, Name: addonName, Owner: owner, Publisher: publisher, Type: type}' --output table
```
An example output is as follows.
```
---------------------------------------------------------------------------------------------------------------------------------------------------------
| DescribeAddonVersions |
+---------------------------------------------------------------+-------------------------------+------------------+--------------+---------------------+
| MarketplaceProductUrl | Name | Owner | Publisher | Type |
+---------------------------------------------------------------+-------------------------------+------------------+--------------+---------------------+
| None | aws-ebs-csi-driver | aws | eks | storage |
| None | coredns | aws | eks | networking |
| None | kube-proxy | aws | eks | networking |
| None | vpc-cni | aws | eks | networking |
| None | adot | aws | eks | observability |
| https://aws.amazon.com/marketplace/pp/prodview-brb73nceicv7u | dynatrace_dynatrace-operator | aws-marketplace | dynatrace | monitoring |
| https://aws.amazon.com/marketplace/pp/prodview-uhc2iwi5xysoc | upbound_universal-crossplane | aws-marketplace | upbound | infra-management |
| https://aws.amazon.com/marketplace/pp/prodview-hd2ydsrgqy4li | teleport_teleport | aws-marketplace | teleport | policy-management |
| https://aws.amazon.com/marketplace/pp/prodview-vgghgqdsplhvc | factorhouse_kpow | aws-marketplace | factorhouse | monitoring |
| [...] | [...] | [...] | [...] | [...] |
+---------------------------------------------------------------+-------------------------------+------------------+--------------+---------------------+
```
Your output might be different. In this example output, there are three different add-ons available of type `networking` and five add-ons with a publisher of type `eks`. The add-ons with `aws-marketplace` in the `Owner` column may require a subscription before you can install them. You can visit the URL to learn more about the add-on and to subscribe to it.
1. You can see which versions are available for each add-on. Replace *1.35* with the version of your cluster and replace *vpc-cni* with the name of an add-on returned in the previous step.
```
aws eks describe-addon-versions --kubernetes-version 1.35 --addon-name vpc-cni \
--query 'addons[].addonVersions[].{Version: addonVersion, Defaultversion: compatibilities[0].defaultVersion}' --output table
```
An example output is as follows.
```
------------------------------------------
| DescribeAddonVersions |
+-----------------+----------------------+
| Defaultversion | Version |
+-----------------+----------------------+
| False | v1.12.0-eksbuild.1 |
| True | v1.11.4-eksbuild.1 |
| False | v1.10.4-eksbuild.1 |
| False | v1.9.3-eksbuild.1 |
+-----------------+----------------------+
```
The version with `True` in the `Defaultversion` column is the version that the add-on is created with, by default.
1. (Optional) Find the configuration options for your chosen add-on by running the following command:
```
aws eks describe-addon-configuration --addon-name vpc-cni --addon-version v1.12.0-eksbuild.1
```
```
{
"addonName": "vpc-cni",
"addonVersion": "v1.12.0-eksbuild.1",
"configurationSchema": "{\"$ref\":\"#/definitions/VpcCni\",\"$schema\":\"http://json-schema.org/draft-06/schema#\",\"definitions\":{\"Cri\":{\"additionalProperties\":false,\"properties\":{\"hostPath\":{\"$ref\":\"#/definitions/HostPath\"}},\"title\":\"Cri\",\"type\":\"object\"},\"Env\":{\"additionalProperties\":false,\"properties\":{\"ADDITIONAL_ENI_TAGS\":{\"type\":\"string\"},\"AWS_VPC_CNI_NODE_PORT_SUPPORT\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_ENI_MTU\":{\"format\":\"integer\",\"type\":\"string\"},\"AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_K8S_CNI_EXTERNALSNAT\":{\"format\":\"boolean\",\"type\":\"string\"},\"AWS_VPC_K8S_CNI_LOGLEVEL\":{\"type\":\"string\"},\"AWS_VPC_K8S_CNI_LOG_FILE\":{\"type\":\"string\"},\"AWS_VPC_K8S_CNI_RANDOMIZESNAT\":{\"type\":\"string\"},\"AWS_VPC_K8S_CNI_VETHPREFIX\":{\"type\":\"string\"},\"AWS_VPC_K8S_PLUGIN_LOG_FILE\":{\"type\":\"string\"},\"AWS_VPC_K8S_PLUGIN_LOG_LEVEL\":{\"type\":\"string\"},\"DISABLE_INTROSPECTION\":{\"format\":\"boolean\",\"type\":\"string\"},\"DISABLE_METRICS\":{\"format\":\"boolean\",\"type\":\"string\"},\"DISABLE_NETWORK_RESOURCE_PROVISIONING\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_POD_ENI\":{\"format\":\"boolean\",\"type\":\"string\"},\"ENABLE_PREFIX_DELEGATION\":{\"format\":\"boolean\",\"type\":\"string\"},\"WARM_ENI_TARGET\":{\"format\":\"integer\",\"type\":\"string\"},\"WARM_PREFIX_TARGET\":{\"format\":\"integer\",\"type\":\"string\"}},\"title\":\"Env\",\"type\":\"object\"},\"HostPath\":{\"additionalProperties\":false,\"properties\":{\"path\":{\"type\":\"string\"}},\"title\":\"HostPath\",\"type\":\"object\"},\"Limits\":{\"additionalProperties\":false,\"properties\":{\"cpu\":{\"type\":\"string\"},\"memory\":{\"type\":\"string\"}},\"title\":\"Limits\",\"type\":\"object\"},\"Resources\":{\"additionalProperties\":false,\"properties\":{\"limits\":{\"$ref\":\"#/definitions/Limits\"},\"requests\":{\"$ref\":\"#/definitions/Limits\"}},\"title\":\"Resources\",\"type\":\"object\"},\"VpcCni\":{\"additionalProperties\":false,\"properties\":{\"cri\":{\"$ref\":\"#/definitions/Cri\"},\"env\":{\"$ref\":\"#/definitions/Env\"},\"resources\":{\"$ref\":\"#/definitions/Resources\"}},\"title\":\"VpcCni\",\"type\":\"object\"}}}"
}
```
The output is a standard JSON schema.
Here is an example of valid configuration values, in JSON format, that works with the schema above.
```
{
"resources": {
"limits": {
"cpu": "100m"
}
}
}
```
Here is an example of valid configuration values, in YAML format, that works with the schema above.
```
resources:
limits:
cpu: 100m
```
1. Determine if the add-on requires IAM permissions. If so, you need to (1) determine if you want to use EKS Pod Identities or IAM Roles for Service Accounts (IRSA), (2) determine the ARN of the IAM role to use with the add-on, and (3) determine the name of the Kubernetes service account used by the add-on. For more information, see [Retrieve IAM information about an Amazon EKS add-on](retreive-iam-info.md).
+ Amazon EKS suggests using EKS Pod Identities if the add-on supports it. This requires the [Pod Identity Agent is installed on your cluster](pod-identities.md). For more information about using Pod Identities with Add-ons, see [IAM roles for Amazon EKS add-ons](add-ons-iam.md).
+ If the add-on or your cluster is not setup for EKS Pod Identities, use IRSA. [Confirm IRSA is setup on your cluster. ](iam-roles-for-service-accounts.md)
+ [Review the Amazon EKS Add-ons documentation to determine if the add-on requires IAM permissions and the name of the associated Kubernetes service account. ](eks-add-ons.md)
1. Create an Amazon EKS add-on. Copy the command that follows to your device. Make the following modifications to the command as needed and then run the modified command:
+ Replace *my-cluster* with the name of your cluster.
+ Replace *vpc-cni* with an add-on name returned in the output of the previous step that you want to create.
+ Replace *version-number* with the version returned in the output of the previous step that you want to use.
+ If you want to install the add-on into a custom Kubernetes namespace, add the `--namespace-config 'namespace=` option. This option is only available for AWS and community add-ons. For more information, see [Custom namespace for add-ons](eks-add-ons.md#custom-namespace)
+ If the add-on doesn’t require IAM permissions, delete **.
+ Do one of the following:
+ If the add-on (1) requires IAM permissions, and (2) your cluster uses EKS Pod Identities, replace ** with the following pod identity association. Replace ** with the service account name used by the add-on. Replace ** with the ARN of an IAM role. The role must have the trust policy required by EKS Pod Identities.
```
--pod-identity-associations 'serviceAccount=,roleArn='
```
+ If the add-on (1) requires IAM permissions, and (2) your cluster uses IRSA, replace ** with the following IRSA configuration. Replace *111122223333* with your account ID and *role-name* with the name of an existing IAM role that you’ve created. For instructions on creating the role, see the documentation for the add-on that you’re creating. For a list of add-ons, see [AWS add-ons](workloads-add-ons-available-eks.md). Specifying a service account role requires that you have an IAM OpenID Connect (OIDC) provider for your cluster. To determine whether you have one for your cluster, or to create one, see [Create an IAM OIDC provider for your cluster](enable-iam-roles-for-service-accounts.md).
```
--service-account-role-arn arn:aws:iam::111122223333:role/role-name
```
+ These example commands overwrites the `--configuration-values` option of any existing self-managed version of the add-on, if there is one. Replace this with the desired configuration values, such as a string or a file input. If you don’t want to provide configuration values, then delete the `--configuration-values` option. If you don’t want the AWS CLI to overwrite the configuration of an existing self-managed add-on, remove the *--resolve-conflicts OVERWRITE* option. If you remove the option, and the Amazon EKS add-on needs to overwrite the configuration of an existing self-managed add-on, then creation of the Amazon EKS add-on fails with an error message to help you resolve the conflict. Before specifying this option, make sure that the Amazon EKS add-on doesn’t manage settings that you need to manage, because those settings are overwritten with this option.
```
aws eks create-addon --cluster-name my-cluster --addon-name vpc-cni --addon-version version-number \
--configuration-values '{"resources":{"limits":{"cpu":"100m"}}}' --resolve-conflicts OVERWRITE
```
```
aws eks create-addon --cluster-name my-cluster --addon-name vpc-cni --addon-version version-number \
--configuration-values 'file://example.yaml' --resolve-conflicts OVERWRITE
```
For a full list of available options, see ` [create-addon](https://docs.aws.amazon.com/cli/latest/reference/eks/create-addon.html) ` in the Amazon EKS Command Line Reference. If the add-on that you created has `aws-marketplace` listed in the `Owner` column of a previous step, then creation may fail, and you may receive an error message similar to the following error.
```
{
"addon": {
"addonName": "addon-name",
"clusterName": "my-cluster",
"status": "CREATE_FAILED",
"addonVersion": "version",
"health": {
"issues": [
{
"code": "AddonSubscriptionNeeded",
"message": "You are currently not subscribed to this add-on. To subscribe, visit the AWS Marketplace console, agree to the seller EULA, select the pricing type if required, then re-install the add-on"
}
]
}
}
}
```
If you receive an error similar to the error in the previous output, visit the URL in the output of a previous step to subscribe to the add-on. Once subscribed, run the `create-addon` command again.