mirror of https://github.com/kubernetes/kops.git
249 lines
6.2 KiB
JSON
249 lines
6.2 KiB
JSON
{
|
|
"Statement": [
|
|
{
|
|
"Action": [
|
|
"ec2:DescribeAccountAttributes",
|
|
"ec2:DescribeInstances",
|
|
"ec2:DescribeInternetGateways",
|
|
"ec2:DescribeRegions",
|
|
"ec2:DescribeRouteTables",
|
|
"ec2:DescribeSecurityGroups",
|
|
"ec2:DescribeSubnets",
|
|
"ec2:DescribeVolumes"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"ec2:CreateSecurityGroup",
|
|
"ec2:CreateTags",
|
|
"ec2:CreateVolume",
|
|
"ec2:DescribeVolumesModifications",
|
|
"ec2:ModifyInstanceAttribute",
|
|
"ec2:ModifyVolume"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"ec2:AttachVolume",
|
|
"ec2:AuthorizeSecurityGroupIngress",
|
|
"ec2:CreateRoute",
|
|
"ec2:DeleteRoute",
|
|
"ec2:DeleteSecurityGroup",
|
|
"ec2:DeleteVolume",
|
|
"ec2:DetachVolume",
|
|
"ec2:RevokeSecurityGroupIngress"
|
|
],
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"ec2:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"ec2:AttachVolume",
|
|
"ec2:AuthorizeSecurityGroupIngress",
|
|
"ec2:CreateRoute",
|
|
"ec2:DeleteRoute",
|
|
"ec2:DeleteSecurityGroup",
|
|
"ec2:DeleteVolume",
|
|
"ec2:DetachVolume",
|
|
"ec2:RevokeSecurityGroupIngress"
|
|
],
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"ec2:ResourceTag/kubernetes.io/cluster/iam-builder-test.k8s.local": "owned"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": "autoscaling:CompleteLifecycleAction",
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": "autoscaling:DescribeLifecycleHooks",
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": "autoscaling:DescribeAutoScalingInstances",
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"autoscaling:DescribeAutoScalingGroups",
|
|
"autoscaling:DescribeLaunchConfigurations",
|
|
"autoscaling:DescribeTags",
|
|
"ec2:DescribeLaunchTemplateVersions"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"autoscaling:CompleteLifecycleAction",
|
|
"autoscaling:DescribeAutoScalingInstances"
|
|
],
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"elasticloadbalancing:AddTags",
|
|
"elasticloadbalancing:AttachLoadBalancerToSubnets",
|
|
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
|
|
"elasticloadbalancing:CreateLoadBalancer",
|
|
"elasticloadbalancing:CreateLoadBalancerPolicy",
|
|
"elasticloadbalancing:CreateLoadBalancerListeners",
|
|
"elasticloadbalancing:ConfigureHealthCheck",
|
|
"elasticloadbalancing:DeleteLoadBalancer",
|
|
"elasticloadbalancing:DeleteLoadBalancerListeners",
|
|
"elasticloadbalancing:DescribeLoadBalancers",
|
|
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
|
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
|
|
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
|
|
"elasticloadbalancing:ModifyLoadBalancerAttributes",
|
|
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
|
|
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"ec2:DescribeVpcs",
|
|
"elasticloadbalancing:AddTags",
|
|
"elasticloadbalancing:CreateListener",
|
|
"elasticloadbalancing:CreateTargetGroup",
|
|
"elasticloadbalancing:DeleteListener",
|
|
"elasticloadbalancing:DeleteTargetGroup",
|
|
"elasticloadbalancing:DeregisterTargets",
|
|
"elasticloadbalancing:DescribeListeners",
|
|
"elasticloadbalancing:DescribeLoadBalancerPolicies",
|
|
"elasticloadbalancing:DescribeTargetGroups",
|
|
"elasticloadbalancing:DescribeTargetHealth",
|
|
"elasticloadbalancing:ModifyListener",
|
|
"elasticloadbalancing:ModifyTargetGroup",
|
|
"elasticloadbalancing:RegisterTargets",
|
|
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"iam:ListServerCertificates",
|
|
"iam:GetServerCertificate"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:Get*"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/*"
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:GetBucketLocation",
|
|
"s3:GetEncryptionConfiguration",
|
|
"s3:ListBucket",
|
|
"s3:ListBucketVersions"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:s3:::kops-tests"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"kms:CreateGrant",
|
|
"kms:Decrypt",
|
|
"kms:DescribeKey",
|
|
"kms:Encrypt",
|
|
"kms:GenerateDataKey*",
|
|
"kms:ReEncrypt*"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"key-id-1",
|
|
"key-id-2",
|
|
"key-id-3"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"autoscaling:SetDesiredCapacity",
|
|
"autoscaling:TerminateInstanceInAutoScalingGroup"
|
|
],
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"autoscaling:DescribeAutoScalingGroups",
|
|
"autoscaling:DescribeAutoScalingInstances",
|
|
"autoscaling:DescribeLaunchConfigurations"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
}
|
|
],
|
|
"Version": "2012-10-17"
|
|
}
|