From 6d13a194b7e56783087e1ca59647cac7b0b53679 Mon Sep 17 00:00:00 2001
From: Ilya Dmitrichenko <errordeveloper@gmail.com>
Date: Thu, 1 Nov 2018 08:39:36 +0000
Subject: [PATCH] Allow nodes to write CloudWatch metrics

This is primarily in order to facilitate exporting CNI metrics (ref #278)
---
 pkg/cfn/builder/iam.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/cfn/builder/iam.go b/pkg/cfn/builder/iam.go
index 299d739aba..f37009aaa5 100644
--- a/pkg/cfn/builder/iam.go
+++ b/pkg/cfn/builder/iam.go
@@ -72,6 +72,9 @@ func (c *ClusterResourceSet) addResourcesForIAM() {
 		"ec2:CreateSecurityGroup",
 		"ec2:Describe*",
 	})
+	c.rs.attachAllowPolicy("PolicyCloudWatchMetrics", refSR, "*", []string{
+		"cloudwatch:PutMetricData",
+	})
 }
 
 // WithIAM states, if IAM roles will be created or not