feat: Update AWS EBS CSI Driver IAM Policy (#530)
calvinbui authored Oct 21, 2024
1 parent 15fd175 commit 1bc058c
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions modules/iam-role-for-service-accounts-eks/policies.tf
Expand Up @@ -200,7 +200,7 @@ data "aws_iam_policy_document" "ebs_csi" {

statement {
actions = ["ec2:CreateVolume"]
resources = ["*"]
resources = ["arn:aws:ec2:*:*:volume/*"]

condition {
test = "StringLike"
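Review bot: The new resource `arn:aws:ec2:*:*:volume/*` in this first `ec2:CreateVolume` statement hard-codes the `aws` partition, so the ARN is only correct in the standard partition and not in others such as `aws-us-gov` or `aws-cn`. Take the partition from the provider instead, for example through the `aws_partition` data source, and interpolate it into the ARN.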
Expand All @@ -213,7 +213,7 @@ data "aws_iam_policy_document" "ebs_csi" {

statement {
actions = ["ec2:CreateVolume"]
resources = ["*"]
resources = ["arn:aws:ec2:*:*:volume/*"]

condition {
test = "StringLike"
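Review bot: The second `ec2:CreateVolume` statement repeats the same literal `arn:aws:ec2:*:*:volume/*`, so the hard-coded partition applies here as well and the string now has to be kept in sync in two places. Consider building the volume ARN once in a local, with the partition interpolated, and referencing it from both statements.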
Expand All @@ -233,6 +233,11 @@ data "aws_iam_policy_document" "ebs_csi" {
}
}

statement {
actions = ["ec2:CreateVolume"]
resources = ["arn:aws:ec2:*:*:snapshot/*"]
}

statement {
actions = ["ec2:DeleteVolume"]
resources = ["*"]
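Review bot: The added statement allows `ec2:CreateVolume` on `arn:aws:ec2:*:*:snapshot/*` with no `condition` block, unlike the two volume statements above it, and nothing in the file explains why it is unconditioned. If the intent is to allow creating volumes from any snapshot, say so in a comment and decide whether a tag condition on the snapshot is wanted. This ARN also hard-codes the `aws` partition, so it needs the same partition interpolation as the volume ARNs.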

1 comment on commit 1bc058c

@sjtindell sjtindell commented on 1bc058c Oct 22, 2024

This appears to break deployments for AWS GovCloud? There the partition needs to be, for example, aws-us-gov.

MalformedPolicyDocument: Partition "aws" is not valid