Skip to content

Commit ed9d5a3

Browse files
ankush-sqopsankush-sqops
authored
Release 5.1.0 (#46)
* Changes in managed node group & outputs.tf file. * Changes made for variables & readme updated * Changed variables & updated description. * Upgraded version of EKS from 1.28 to 1.29 & source version from 19.21 to 20.8.0. * Made changes to vpc module inputs. * Update README.md * Removed default addons functionality from EKS module
1 parent 0d33012 commit ed9d5a3

File tree

17 files changed

+972
-737
lines changed

17 files changed

+972
-737
lines changed

IAM.md

Lines changed: 107 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -11,17 +11,26 @@ The Policy required is:
1111
"Sid": "VisualEditor0",
1212
"Effect": "Allow",
1313
"Action": [
14-
"ec2:DescribeImages",
15-
"ec2:DescribeSubnets",
16-
"ec2:DeleteLaunchTemplate",
14+
"ec2:AuthorizeSecurityGroupEgress",
15+
"ec2:AuthorizeSecurityGroupIngress",
1716
"ec2:CreateLaunchTemplate",
17+
"ec2:CreateLaunchTemplateVersion",
18+
"ec2:CreateSecurityGroup",
19+
"ec2:CreateTags",
20+
"ec2:DeleteLaunchTemplate",
21+
"ec2:DeleteSecurityGroup",
22+
"ec2:DeleteTags",
23+
"ec2:DescribeAccountAttributes",
24+
"ec2:DescribeImages",
1825
"ec2:DescribeInstanceTypes",
26+
"ec2:DescribeLaunchTemplateVersions",
1927
"ec2:DescribeLaunchTemplates",
20-
"ec2:DescribeAccountAttributes",
21-
"ec2:DescribeAvailabilityZones",
22-
"ec2:CreateLaunchTemplateVersion",
23-
"ec2:DescribeLaunchTemplateVersions"
24-
28+
"ec2:DescribeNetworkInterfaces",
29+
"ec2:DescribeSecurityGroups",
30+
"ec2:DescribeSubnets",
31+
"ec2:DescribeTags",
32+
"ec2:RevokeSecurityGroupEgress",
33+
"ec2:RevokeSecurityGroupIngress"
2534
],
2635
"Resource": [
2736
"*"
@@ -31,12 +40,22 @@ The Policy required is:
3140
"Sid": "VisualEditor1",
3241
"Effect": "Allow",
3342
"Action": [
34-
"eks:TagResource",
35-
"eks:UntagResource",
43+
"eks:CreateAddon",
44+
"eks:CreateCluster",
3645
"eks:CreateNodegroup",
46+
"eks:DeleteAddon",
47+
"eks:DeleteCluster",
3748
"eks:DeleteNodegroup",
49+
"eks:DescribeAddon",
50+
"eks:DescribeAddonVersions",
3851
"eks:DescribeCluster",
39-
"eks:DescribeNodegroup",
52+
"eks:DescribeNodegroup",
53+
"eks:ListAddons",
54+
"eks:ListTagsForResource",
55+
"eks:TagResource",
56+
"eks:UntagResource",
57+
"eks:UpdateAddon",
58+
"eks:UpdateClusterConfig",
4059
"eks:UpdateNodegroupConfig"
4160
],
4261
"Resource": [
@@ -47,27 +66,91 @@ The Policy required is:
4766
"Sid": "VisualEditor2",
4867
"Effect": "Allow",
4968
"Action": [
50-
"iam:TagRole"
51-
"iam:GetRole",
52-
"iam:GetPolicy",
69+
"iam:AttachRolePolicy",
70+
"iam:CreateOpenIDConnectProvider",
71+
"iam:CreatePolicy",
5372
"iam:CreateRole",
73+
"iam:CreateServiceLinkedRole",
74+
"iam:DeleteOpenIDConnectProvider",
75+
"iam:DeletePolicy",
5476
"iam:DeleteRole",
55-
"iam:ListPolicies",
56-
"iam:CreatePolicy",
57-
"iam:DeletePolicy",
58-
"iam:AttachRolePolicy",
59-
"iam:ListRolePolicies",
60-
"iam:DetachRolePolicy",
77+
"iam:DeleteRolePermissionsBoundary",
78+
"iam:DeleteRolePolicy",
79+
"iam:DetachRolePolicy",
80+
"iam:GetOpenIDConnectProvider",
81+
"iam:GetPolicy",
6182
"iam:GetPolicyVersion",
62-
"iam:ListPolicyVersions",
63-
"iam:CreateServiceLinkedRole",
83+
"iam:GetRole",
84+
"iam:GetRolePolicy",
6485
"iam:ListAttachedRolePolicies",
65-
"iam:ListInstanceProfilesForRole"
86+
"iam:ListInstanceProfilesForRole",
87+
"iam:ListPolicies",
88+
"iam:ListPolicyVersions",
89+
"iam:ListRolePolicies",
90+
"iam:PassRole",
91+
"iam:PutRolePermissionsBoundary",
92+
"iam:PutRolePolicy",
93+
"iam:TagOpenIDConnectProvider",
94+
"iam:TagPolicy",
95+
"iam:TagRole",
96+
"iam:UntagOpenIDConnectProvider",
97+
"iam:UntagPolicy",
98+
"iam:UpdateOpenIDConnectProviderThumbprint",
99+
"iam:UpdateRoleDescription"
100+
],
101+
"Resource": [
102+
"*"
103+
]
104+
},
105+
{
106+
"Sid": "VisualEditor3",
107+
"Effect": "Allow",
108+
"Action": [
109+
"kms:CreateAlias",
110+
"kms:CreateGrant",
111+
"kms:CreateKey",
112+
"kms:DeleteAlias",
113+
"kms:DescribeKey",
114+
"kms:DisableKey",
115+
"kms:EnableKey",
116+
"kms:EnableKeyRotation",
117+
"kms:GetKeyPolicy",
118+
"kms:GetKeyRotationStatus",
119+
"kms:GetParametersForImport",
120+
"kms:ImportKeyMaterial",
121+
"kms:ListAliases",
122+
"kms:ListGrants",
123+
"kms:ListResourceTags",
124+
"kms:PutKeyPolicy",
125+
"kms:ReplicateKey",
126+
"kms:RevokeGrant",
127+
"kms:ScheduleKeyDeletion",
128+
"kms:TagResource",
129+
"kms:UntagResource"
130+
],
131+
"Resource": [
132+
"*"
133+
]
134+
},
135+
{
136+
"Sid": "VisualEditor4",
137+
"Effect": "Allow",
138+
"Action": [
139+
"logs:AssociateKmsKey",
140+
"logs:CreateLogGroup",
141+
"logs:DeleteLogGroup",
142+
"logs:DeleteRetentionPolicy",
143+
"logs:DescribeLogGroups",
144+
"logs:DisassociateKmsKey",
145+
"logs:ListTagsLogGroup",
146+
"logs:PutRetentionPolicy",
147+
"logs:TagLogGroup",
148+
"logs:UntagLogGroup"
66149
],
67150
"Resource": [
68151
"*"
69152
]
70-
}
153+
}
71154
]
72155
}
73156

0 commit comments

Comments
 (0)