docs: Update required IAM permissions list (#936)

NodeGroups, Fargate, EKS tagging, KMS
Daniel Piddock
2020-07-13 21:22:41 +02:00
committed by GitHub
parent 23ad497557
commit 7d86a6c757


@@ -82,7 +82,21 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
"eks:DescribeCluster", "eks:DescribeCluster",
"eks:ListClusters", "eks:ListClusters",
"eks:UpdateClusterConfig", "eks:UpdateClusterConfig",
"eks:UpdateClusterVersion",
"eks:DescribeUpdate", "eks:DescribeUpdate",
"eks:TagResource",
"eks:UntagResource",
"eks:ListTagsForResource",
"eks:CreateFargateProfile",
"eks:DeleteFargateProfile",
"eks:DescribeFargateProfile",
"eks:ListFargateProfiles",
"eks:CreateNodegroup",
"eks:DeleteNodegroup",
"eks:DescribeNodegroup",
"eks:ListNodegroups",
"eks:UpdateNodegroupConfig",
"eks:UpdateNodegroupVersion",
"iam:AddRoleToInstanceProfile", "iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy", "iam:AttachRolePolicy",
"iam:CreateInstanceProfile", "iam:CreateInstanceProfile",
@@ -109,13 +123,22 @@ Following IAM permissions are the minimum permissions needed for your IAM user o
"iam:PutRolePolicy", "iam:PutRolePolicy",
"iam:RemoveRoleFromInstanceProfile", "iam:RemoveRoleFromInstanceProfile",
"iam:TagRole", "iam:TagRole",
"iam:UntagRole",
"iam:UpdateAssumeRolePolicy", "iam:UpdateAssumeRolePolicy",
// Following permissions are needed if cluster_enabled_log_types is enabled // Following permissions are needed if cluster_enabled_log_types is enabled
"logs:CreateLogGroup", "logs:CreateLogGroup",
"logs:DescribeLogGroups", "logs:DescribeLogGroups",
"logs:DeleteLogGroup", "logs:DeleteLogGroup",
"logs:ListTagsLogGroup", "logs:ListTagsLogGroup",
"logs:PutRetentionPolicy" "logs:PutRetentionPolicy",
// Following permissions for working with secrets_encryption example
"kms:CreateGrant",
"kms:CreateKey",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListResourceTags",
"kms:ScheduleKeyDeletion"
], ],
"Resource": "*" "Resource": "*"
} }
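Review bot: The KMS actions added in the second hunk, notably `kms:ScheduleKeyDeletion` and `kms:CreateGrant`, sit in the same statement as the existing `"Resource": "*"`, so a policy copied from this page grants them on every key in the account. The comment already says they are only for the secrets_encryption example; I would spell that out, e.g. `// Optional: only needed for the secrets_encryption example; omit otherwise`. It should also suggest moving them to their own statement limited to the cluster's key ARN, with `kms:CreateKey` kept on `"*"` since it cannot be scoped to a key. The Fargate and node-group actions in the first hunk are feature-specific too, yet they carry no comment under a heading that calls the list the minimum. The statement opens outside both hunks, so any condition keys it already carries are not visible here.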