Created
February 23, 2023 16:54
-
-
Save ranchodeluxe/9ae8b089618a2a6d0a06aab449f4b6ac to your computer and use it in GitHub Desktop.
example of cluster config CNI addon policies
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addons: | |
| - name: vpc-cni | |
| version: 1.7.5 # not sure what version we are currently at b/c I don't have any k8 RBAC access | |
| attachPolicyARNs: | |
| - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy | |
| serviceAccountRoleARN: arn:aws:iam::aws:policy/<whatever> | |
| tags: | |
| team: eks | |
| attachPolicy: | |
| Statement: # just showing what should currenlty exist for this role | |
| - Effect: Allow | |
| Action: | |
| - ec2:AssignPrivateIpAddresses | |
| - ec2:AttachNetworkInterface | |
| - ec2:CreateNetworkInterface | |
| - ec2:DeleteNetworkInterface | |
| - ec2:DescribeInstances | |
| - ec2:DescribeTags | |
| - ec2:DescribeNetworkInterfaces | |
| - ec2:DescribeInstanceTypes | |
| - ec2:DetachNetworkInterface | |
| - ec2:ModifyNetworkInterfaceAttribute | |
| - ec2:UnassignPrivateIpAddresses | |
| Resource: '*' | |
| Statement: # OUR WANTED ADDITIONS BELOW | |
| - Effect: Allow | |
| Action: | |
| - s3:PutObject | |
| - s3:GetObject | |
| - s3.ListBucketMultipartUploads | |
| - s3.AbortMultipartUpload | |
| - s3.ListBucketVersions | |
| - s3.CreateBucket | |
| - s3.ListBucket | |
| - s3.DeleteObject | |
| - s3.GetBucketLocation | |
| - s3.ListMultipartUploadParts | |
| Resource: | |
| - arn:aws:s3:::veda-data-store, | |
| - 'arn:aws:s3:::veda-data-store/*' | |
| - arn:aws:s3:::veda-data-store-staging | |
| - 'arn:aws:s3:::veda-data-store-staging/*' | |
| - - Effect: Allow | |
| Action: | |
| - s3:ListAllMyBuckets | |
| Resource: '*' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment