diff --git a/docs/iam-permissions.md b/docs/iam-permissions.md
index 65eb366..72d7502 100644
--- a/docs/iam-permissions.md
+++ b/docs/iam-permissions.md
@@ -82,7 +82,21 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
 "eks:DescribeCluster",
 "eks:ListClusters",
 "eks:UpdateClusterConfig",
+ "eks:UpdateClusterVersion",
 "eks:DescribeUpdate",
+ "eks:TagResource",
+ "eks:UntagResource",
+ "eks:ListTagsForResource",
+ "eks:CreateFargateProfile",
+ "eks:DeleteFargateProfile",
+ "eks:DescribeFargateProfile",
+ "eks:ListFargateProfiles",
+ "eks:CreateNodegroup",
+ "eks:DeleteNodegroup",
+ "eks:DescribeNodegroup",
+ "eks:ListNodegroups",
+ "eks:UpdateNodegroupConfig",
+ "eks:UpdateNodegroupVersion",
 "iam:AddRoleToInstanceProfile",
 "iam:AttachRolePolicy",
 "iam:CreateInstanceProfile",
@@ -109,13 +123,22 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
 "iam:PutRolePolicy",
 "iam:RemoveRoleFromInstanceProfile",
 "iam:TagRole",
+ "iam:UntagRole",
 "iam:UpdateAssumeRolePolicy",
 // Following permissions are needed if cluster_enabled_log_types is enabled
 "logs:CreateLogGroup",
 "logs:DescribeLogGroups",
 "logs:DeleteLogGroup",
 "logs:ListTagsLogGroup",
- "logs:PutRetentionPolicy"
+ "logs:PutRetentionPolicy",
+ // Following permissions for working with secrets_encryption example
+ "kms:CreateGrant",
+ "kms:CreateKey",
+ "kms:DescribeKey",
+ "kms:GetKeyPolicy",
+ "kms:GetKeyRotationStatus",
+ "kms:ListResourceTags",
+ "kms:ScheduleKeyDeletion"
 ],
 "Resource": "*"
 }
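Review bot: The new `kms:` actions in the second hunk sit in the same statement as everything else, so `kms:ScheduleKeyDeletion` and `kms:CreateGrant` are granted on `"Resource": "*"`, meaning every KMS key in the account and not only the key the secrets_encryption example creates. The added comment says they are needed only for that example, while the heading still calls the list the minimum permissions. I would move them into a separate, clearly optional statement and scope it to the example's key ARN for the actions that support resource-level permissions. The first hunk's new nodegroup and Fargate create/delete actions widen the same wildcard statement, so the prose above the policy should say which module features require them. The `//` comment lines also make the block invalid as strict JSON for anyone pasting it into an IAM policy, so those notes would be safer in the surrounding Markdown text.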