Question: Can't use assume role to access AWS EKS which is created by assume role API
I created an AWS EKS cluster using the assume-role API. Role A assumes role B to perform the create-EKS API call. I create the EKS cluster and specify role C as the EKS cluster role. As far as I know, role C's ARN will be stored in the EKS aws-auth ConfigMap.
When A assumes role C to access the created EKS cluster, "Failed to get namespaces: Unauthorized" is returned.
I always use assume role to invoke APIs. Does anyone know whether aws-auth stores role C's ARN like 'arn:aws:iam::C:role/k8s-cluster-role', or whether EKS stores the role ARN in aws-auth in another way?
Answer 1
Score: 2
You have a misconception: the role that is stored in the aws-auth ConfigMap for the system:masters group in your cluster is not the cluster role, but the IAM principal that creates the cluster itself, as per the official docs.
> When you create an Amazon EKS cluster, the IAM principal that creates the cluster is automatically granted system:masters permissions in the cluster's role-based access control (RBAC) configuration in the Amazon EKS control plane.
From what you have written, if the sequence is right and the assume-role approach you are following works properly, you should be able to query your cluster API resources with role B, not role C, since B is the one you used to create the cluster. In your current setup, you are expecting role C to be able to access cluster resources, though you created the cluster with role B.
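An added example, not part of the question or answer, of what has to exist in aws-auth before role C can reach the API: a `mapRoles` entry keyed by role C's IAM role ARN, mapped to a least-privilege group rather than system:masters. The account id 111122223333, the username and the group name are constructed placeholders; the role name is the one from the question.

```python
import re

# Constructed placeholders (not from the question): doc-style account id,
# the role name from the question, and a least-privilege group name.
ACCOUNT_ID = "111122223333"
ROLE_C_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/k8s-cluster-role"

# An aws-auth rolearn must be the IAM role ARN itself: not the STS
# assumed-role ARN seen in CloudTrail, and with no path (role/team/name).
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@-]+$")


def validate_role_arn(arn: str) -> str:
    """Return arn if aws-auth can match it, otherwise raise ValueError."""
    if arn.startswith("arn:aws:sts::"):
        raise ValueError(f"{arn}: use the IAM role ARN, not the STS assumed-role ARN")
    if not ROLE_ARN_RE.match(arn):
        raise ValueError(f"{arn}: expected arn:aws:iam::<account>:role/<name>, no path")
    return arn


def map_role_entry(role_arn: str, username: str, groups: list) -> dict:
    """Build one mapRoles item; refuses system:masters so the role lands in a
    group that RBAC binds to a namespaced Role instead of cluster-admin."""
    if "system:masters" in groups:
        raise ValueError("bind the role to a least-privilege group, not system:masters")
    return {"rolearn": validate_role_arn(role_arn), "username": username, "groups": list(groups)}


def render_map_roles(entries: list) -> str:
    """Render entries as the YAML list stored under data.mapRoles in aws-auth."""
    lines = []
    for e in entries:
        lines.append(f"- rolearn: {e['rolearn']}")
        lines.append(f"  username: {e['username']}")
        lines.append("  groups:")
        lines.extend(f"    - {g}" for g in e["groups"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entry = map_role_entry(ROLE_C_ARN, "role-c-user", ["eks-namespace-readers"])
    print(render_map_roles([entry]))
```

Compare the rendered entry against what the cluster actually holds with `kubectl -n kube-system get configmap aws-auth -o yaml`, run with the credentials of the creating principal (role B), since that is the only identity guaranteed to have access before any mapping is added.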