UPDATE cluster autoscaler IAM policy
phoolish committed Nov 7, 2023
1 parent 607620c commit 499d96c
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion aws/eks/main.tf
Expand Up @@ -266,6 +266,8 @@ data "aws_iam_policy_document" "cluster-autoscaler-trust-relationship" {
}
}

# Recommended Policy
# https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#full-cluster-autoscaler-features-policy-recommended
data "aws_iam_policy_document" "cluster-autoscaler" {
version = "2012-10-17"

Expand All @@ -274,10 +276,15 @@ data "aws_iam_policy_document" "cluster-autoscaler" {
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeTags",
"ec2:DescribeInstanceTypes",
"ec2:DescribeLaunchTemplateVersions",
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeImages",
"ec2:GetInstanceTypesFromInstanceRequirements",
"eks:DescribeNodegroup"
]
effect = "Allow"
resources = ["*"]
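Review bot: The two mutating actions, `autoscaling:SetDesiredCapacity` and `autoscaling:TerminateInstanceInAutoScalingGroup`, stay in the same statement as the read-only calls under `resources = ["*"]`, so this role can resize or terminate instances in every Auto Scaling group in the account, not only this cluster's node groups. I would leave the Describe*/Get* actions on `*` and move the two write actions into their own statement, scoped by a tag condition (or by explicit ASG ARNs). The tag key and value below are placeholders and must match what the node group ASGs actually carry, which this page does not show. The enclosing `statement` block opens and closes outside the hunk, so whether other conditions already apply cannot be confirmed from here.

```hcl
  # … unchanged: existing statement keeps only the read-only Describe*/Get* actions on "*" …

  statement {
    actions = [
      "autoscaling:SetDesiredCapacity",
      "autoscaling:TerminateInstanceInAutoScalingGroup",
    ]
    effect    = "Allow"
    resources = ["*"]

    # Placeholder tag key/value: replace <CLUSTER_NAME> and confirm the ASGs are tagged this way.
    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/k8s.io/cluster-autoscaler/<CLUSTER_NAME>"
      values   = ["owned"]
    }
  }
```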
