mirror of https://github.com/kubernetes/kops.git
{
"Statement": [
{
"Action": [
"ec2:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "autoscaling:CompleteLifecycleAction",
"Condition": {
"StringEquals": {
"autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "autoscaling:DescribeLifecycleHooks",
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "autoscaling:DescribeAutoScalingInstances",
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"ec2:DescribeLaunchTemplateVersions"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:ListServerCertificates",
"iam:GetServerCertificate"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::kops-tests"
]
},
{
"Action": [
"kms:ListGrants",
"kms:RevokeGrant"
],
"Effect": "Allow",
"Resource": [
"key-id-1",
"key-id-2",
"key-id-3"
]
},
{
"Action": [
"kms:CreateGrant",
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*"
],
"Effect": "Allow",
"Resource": [
"key-id-1",
"key-id-2",
"key-id-3"
]
},
{
"Action": [
"route53:ListHostedZones"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
}