github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-02-24 11:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

docs: Update required IAM permissions list (#936)

Browse Source 
NodeGroups, Fargate, EKS tagging, KMS
This commit is contained in:
Daniel Piddock
2020-07-13 21:22:41 +02:00
committed by GitHub
parent 23ad497557
commit 7d86a6c757
1 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
docs/iam-permissions.md
View File

@@ -82,7 +82,21 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
"eks:DescribeCluster",
"eks:ListClusters",
"eks:UpdateClusterConfig",
"eks:UpdateClusterVersion",
"eks:DescribeUpdate",
"eks:TagResource",
"eks:UntagResource",
"eks:ListTagsForResource",
"eks:CreateFargateProfile",
"eks:DeleteFargateProfile",
"eks:DescribeFargateProfile",
"eks:ListFargateProfiles",
"eks:CreateNodegroup",
"eks:DeleteNodegroup",
"eks:DescribeNodegroup",
"eks:ListNodegroups",
"eks:UpdateNodegroupConfig",
"eks:UpdateNodegroupVersion",
"iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy",
"iam:CreateInstanceProfile",
@@ -109,13 +123,22 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
"iam:PutRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:TagRole",
"iam:UntagRole",
"iam:UpdateAssumeRolePolicy",
// Following permissions are needed if cluster_enabled_log_types is enabled
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:DeleteLogGroup",
"logs:ListTagsLogGroup",
"logs:PutRetentionPolicy"
"logs:PutRetentionPolicy",
// Following permissions for working with secrets_encryption example
"kms:CreateGrant",
"kms:CreateKey",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListResourceTags",
"kms:ScheduleKeyDeletion"
],
"Resource": "*"
}