From 22b9706705d2090b9511ae896cf181d4a4b0c0f9 Mon Sep 17 00:00:00 2001 From: brandoconnor Date: Wed, 6 Jun 2018 23:23:32 -0700 Subject: [PATCH] iam policy updated --- .travis.yml | 2 +- examples/eks_test_fixture/README.md | 85 ++++++++++++++++++- .../eks_test_fixture/certs/example.crt.pem | 26 ------ .../eks_test_fixture/certs/example.key.pem | 27 ------ examples/eks_test_fixture/main.tf | 1 + 5 files changed, 84 insertions(+), 57 deletions(-) delete mode 100644 examples/eks_test_fixture/certs/example.crt.pem delete mode 100644 examples/eks_test_fixture/certs/example.key.pem diff --git a/.travis.yml b/.travis.yml index a0d961b..ca7f3ba 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ install: - bundle install before_script: - echo 'before_script' -- export AWS_REGION='us-west-2' +- export AWS_REGION='us-east-1' - export TF_VAR_region=${AWS_REGION} - echo "using AWS_REGION=${AWS_REGION}" - export TF_WARN_OUTPUT_ERRORS=1 diff --git a/examples/eks_test_fixture/README.md b/examples/eks_test_fixture/README.md index 0206bab..376e122 100644 --- a/examples/eks_test_fixture/README.md +++ b/examples/eks_test_fixture/README.md @@ -14,10 +14,89 @@ The following IAM policy is the minimum needed to execute the module from the te "Version": "2012-10-17", "Statement": [ { - "Sid": "Stmt1507789535000", + "Sid": "VisualEditor0", "Effect": "Allow", - "Action": [], - "Resource": ["*"] + "Action": [ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:CreateOrUpdateTags", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteTags", + "autoscaling:Describe*", + "autoscaling:DetachInstances", + "autoscaling:SetDesiredCapacity", + "autoscaling:UpdateAutoScalingGroup", + "ec2:AllocateAddress", + "ec2:AssignPrivateIpAddresses", + "ec2:Associate*", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateDefaultSubnet", + "ec2:CreateDhcpOptions", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:CreateVpc", + "ec2:DeleteDhcpOptions", + "ec2:DeleteEgressOnlyInternetGateway", + "ec2:DeleteInternetGateway", + "ec2:DeleteNatGateway", + "ec2:DeleteNetworkInterface", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVolume", + "ec2:DeleteVpc", + "ec2:DeleteVpnGateway", + "ec2:Describe*", + "ec2:DetachInternetGateway", + "ec2:DetachNetworkInterface", + "ec2:DetachVolume", + "ec2:Disassociate*", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcEndpoint", + "ec2:UpdateSecurityGroupRuleDescriptionsEgress", + "ec2:UpdateSecurityGroupRuleDescriptionsIngress", + "eks:CreateCluster", + "eks:DeleteCluster", + "eks:DescribeCluster", + "eks:ListClusters", + "iam:AddRoleToInstanceProfile", + "iam:AttachRolePolicy", + "iam:CreateInstanceProfile", + "iam:CreatePolicy", + "iam:CreatePolicyVersion", + "iam:CreateRole", + "iam:DeleteInstanceProfile", + "iam:DeletePolicy", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DeleteServiceLinkedRole", + "iam:DetachRolePolicy", + "iam:GetInstanceProfile", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:List*", + "iam:PutRolePolicy", + "iam:RemoveRoleFromInstanceProfile", + "iam:UpdateAssumeRolePolicy" + ], + "Resource": "*" } ] } diff --git a/examples/eks_test_fixture/certs/example.crt.pem b/examples/eks_test_fixture/certs/example.crt.pem deleted file mode 100644 index 60964d9..0000000 --- a/examples/eks_test_fixture/certs/example.crt.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIETjCCAzagAwIBAgIJALi9NaeI/EcpMA0GCSqGSIb3DQEBBQUAMHcxCzAJBgNV -BAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEYMBYGA1UE -ChMPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLEw1JVCBEZXBhcnRtZW50MRQwEgYD -VQQDEwtleGFtcGxlLmNvbTAeFw0xNzA5MjcyMTIwNDlaFw0yNzA5MjUyMTIwNDla -MHcxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRv -bjEYMBYGA1UEChMPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLEw1JVCBEZXBhcnRt -ZW50MRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALAthQw1LG3Q7n8jroaBneqLgSyBMXxpilrWG7oYaNcCt3dY4FF0 -RWp2R+suMB7ObaWZwzIPseYD1M1IJoyeafSCmH/UCHsIaXUyTE9Ml69hxTA+3R4e -mO1mPOQ71dheQ0iX34NviiwhQIDJYGRHPYZTeJ2Y/yWQUw3tthYrE9KvYWx6UhXw -0PbBdHgl6bE/cqARua+Y4jOZO4jRDIwzKOxtK86uhWNBdrrLVNMY6kaNdO40wiZk -b+Q2YrMyvVUUFdE2TljyLqYgPsTvb8Yxh6h9WGqnY8Fg1aYelp98NFd9fVw/Wuqx -3Ub0o8Kpnfi+u5Phg5PewF5OoQTGxRLVpJMCAwEAAaOB3DCB2TAdBgNVHQ4EFgQU -8pucEK8IGWVRbp8cndsPrMoo5mYwgakGA1UdIwSBoTCBnoAU8pucEK8IGWVRbp8c -ndsPrMoo5mahe6R5MHcxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzAN -BgNVBAcTBkxvbmRvbjEYMBYGA1UEChMPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQL -Ew1JVCBEZXBhcnRtZW50MRQwEgYDVQQDEwtleGFtcGxlLmNvbYIJALi9NaeI/Ecp -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAK2mwg87BWPuYPkQBESQ -wUiX1L37VGuEjewda1o697OPTD9tWM2IuVjAYKIVx/oTwBwgMzlY8KjfceRYfrTg -YEP9EQ+5KknzgFYC+/SF9ugVke5/JICKQoOqBLboETTTgeYpSlFfKz97nXCAbMVN -/lYB9TCUZ/SdA76ZpIMR0uYH2mCspChWtYjPV9Z8PEwK7EmFuTQS1X/1Oa7O03vC -SU4GiONs7MxJoCrMo/xB6yGDM5NiE6ZqljmQ2238GQ99/VyGMn5uVDpZmXH6dMln -ofEU4fh6sbJvs19KNz9Ql31F0U+hq593T50V8iV+TccBB5ifqfjOnFKmljDjFYeZ -0bg= ------END CERTIFICATE----- diff --git a/examples/eks_test_fixture/certs/example.key.pem b/examples/eks_test_fixture/certs/example.key.pem deleted file mode 100644 index 6158a86..0000000 --- a/examples/eks_test_fixture/certs/example.key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAsC2FDDUsbdDufyOuhoGd6ouBLIExfGmKWtYbuhho1wK3d1jg -UXRFanZH6y4wHs5tpZnDMg+x5gPUzUgmjJ5p9IKYf9QIewhpdTJMT0yXr2HFMD7d -Hh6Y7WY85DvV2F5DSJffg2+KLCFAgMlgZEc9hlN4nZj/JZBTDe22FisT0q9hbHpS -FfDQ9sF0eCXpsT9yoBG5r5jiM5k7iNEMjDMo7G0rzq6FY0F2ustU0xjqRo107jTC -JmRv5DZiszK9VRQV0TZOWPIupiA+xO9vxjGHqH1YaqdjwWDVph6Wn3w0V319XD9a -6rHdRvSjwqmd+L67k+GDk97AXk6hBMbFEtWkkwIDAQABAoIBACHCNzJlpgPM+0Zl -gfXINIhS/weWIfNjDd3mFR4Nu1kn7hvybdlt3DdQPuuzyAi/KYeH9T1MgJxAs7A6 -WRis6kSuGaa07IMW045fevvfA1nZ9D0QbrJszoT/CD/7rzhsp5vrbirzXpiiLof/ -Dndop0NsDzqzrIB4LVIH8NJCouPF4eibhb4XQwvCkG05pvlkeK4OJugF/CpgrJlX -GiXDTZ8Lh/fBXeFpCfcBlgTCPkxcZtuNeddTlEJpY6q8QdofvfpjXmpfQ+63FL5t -GTpoWNtO+UIqwHFQgoH6zGR8bMBx0/FLqrJ8Cq6nj7+uLODGAf4+dJ0m+Cz5t3Om -aHgJWEECgYEA4nXD/FS+Wy69dVei8imp3/x+v0/T4LXf8l8NI/Dzvdg82xU1AgZH -OKqTC2z/z4e+5EAF27kJeOBdh7kqPAF9KMHtd3FsxiYK4RpDlR6JFzHH8h8+v8c/ -Egg0WiXgnqfePHbS+q5wxPloReJm+ue4eSBzR6qyQbtfH0Qp+NIHGkMCgYEAxyir -CMmI3v1u70V9NtNOlt5O1JNy47iUaLgvEJXBPsD+JYWgs4nY8gZcy+Yx1LBRqMbi -LojOUGKGK6jcLOHjVBW9WJoFtTDN59lba5ryNW9AQOJsdeeaPttpWiFID5K0KTno -kGHzxQjioSnP+mDV7jaXZSNcvYGWVRSabkRwb3ECgYA/mBqlbZbXPFTv8uBLaO/P -erSNPPmfDPQKuC6UfUG1elf8ngP4wZKWkzAf8UgVG2W760652UiTrU4WoyT9HN3s -6Cirdiq5qk070YhRA/YzkUM49xVD/cv0YGFzP1fIthNun1+4DeyVJAToOx/4LcJc -IYS+B21vkBKyUQ4IVdKwyQKBgGBq3+KxLwJFz58nFSelxTZlCeUAPW7hvXe1M5Pj -7FplNKUVvGcvJUiGrAZKu3Usp1v+bSH6OWfRSwN4DJ/t/BCJNdHfP0QpDIZiRFAk -A367DXBcLgYmyhYEQ0zPMAPaEj6jOmQsB8gsNQuxIm8k0m0xILpmFE/qnM0z3E/l -8kkBAoGAJJQgk6dl2rlbZGZvjhVKWNmA8LBJWg28r9/6VWSwYNHSPmcReGvhAflg -5vY9yRIuJXc1Dfq57dIpX8OaH2n/Txgs/895NvpUk/AlqQiMrCKUO3M4wAA0/kNx -RHgT16B9lRxvTaaH8Eh5/YMHp8afrOVEwVIMMCZlWii+PbKFyM4= ------END RSA PRIVATE KEY----- diff --git a/examples/eks_test_fixture/main.tf b/examples/eks_test_fixture/main.tf index ec9c12c..e7d7d04 100644 --- a/examples/eks_test_fixture/main.tf +++ b/examples/eks_test_fixture/main.tf @@ -74,4 +74,5 @@ module "eks" { vpc_id = "${module.vpc.vpc_id}" workers_ami_id = "${data.aws_ami.eks_worker.id}" cluster_ingress_cidrs = ["${local.workstation_external_cidr}"] + workers_instance_type = "t2.micro" }