Better inline policy/arn with essential privileges to create the emr virtualcluster using ACK #2096
Labels
kind/enhancement
Categorizes issue or PR as related to existing feature enhancements.
service/emrcontainers
Indicates issues or PRs that are related to emrcontainers-controller.
What is the URL of the document?
https://aws-controllers-k8s.github.io/community/docs/user-docs/irsa/
Which section(s) is the issue in?
https://github.com/aws-controllers-k8s/emrcontainers-controller/tree/main/config/iam
What needs fixing?
https://github.com/aws-controllers-k8s/emrcontainers-controller/tree/main/config/iam
The following page doesn't have an arn specified similar to ack s3.
https://github.com/aws-controllers-k8s/s3-controller/blob/main/config/iam/recommended-policy-arn
Currently only has an inline policy which is insufficient in terms of cluster creating privileges.
Additional context
A valid arn will be helpful to fix the validation issue which I'm facing while creating a EMR virtual cluster using ACK.
If I give admin privileges I am able to create the virtualcluster successfully which is not ideal for clusters other than test environments.
Appreciate something sImilar to ACK s3:
arn:aws:iam::aws:policy/AmazonS3FullAccess
for ACK EMR as well to be documented.This is the output of
$ kubectl describe virtualclusters
The text was updated successfully, but these errors were encountered: