Before you create worker nodes, you must create an IAM role with the following IAM policies:
AmazonEKSWorkerNodePolicy
AmazonEKS_CNI_Policy
AmazonEC2ContainerRegistryReadOnly
When create the role, select AWS Service --> EC2 use case, not EKS use case.