kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Cognito permissions for AWS LBC.

This commit is contained in:
Dan Ports 2023-09-14 12:15:30 -04:00
parent e31bf381ab
commit ae1584c6f0
8 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/model/iam/iam_builder.go
View File

@ -891,6 +891,8 @@ func AddCCMPermissions(p *Policy, cloudRoutes bool) {
// AddAWSLoadbalancerControllerPermissions adds the permissions needed for the AWS Load Balancer Controller to the givnen policy
func AddAWSLoadbalancerControllerPermissions(p *Policy, enableWAF, enableWAFv2, enableShield bool) {
p.unconditionalAction.Insert(
"cognito-idp:DescribeUserPoolClient",
"acm:DescribeCertificate",
"acm:ListCertificates",

1
tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy
View File

@ -37,6 +37,7 @@
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"cognito-idp:DescribeUserPoolClient",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",

1
tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy
View File

@ -37,6 +37,7 @@
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"cognito-idp:DescribeUserPoolClient",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",

1
tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy
View File

@ -37,6 +37,7 @@
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"cognito-idp:DescribeUserPoolClient",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",

1
tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy
View File

@ -37,6 +37,7 @@
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"cognito-idp:DescribeUserPoolClient",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",

1
tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy
View File

@ -37,6 +37,7 @@
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"cognito-idp:DescribeUserPoolClient",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",

1
tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -214,6 +214,7 @@
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeTags",
"cognito-idp:DescribeUserPoolClient",
"ec2:AssignPrivateIpAddresses",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",

1
tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -214,6 +214,7 @@
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeTags",
"cognito-idp:DescribeUserPoolClient",
"ec2:AssignPrivateIpAddresses",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",