From 09fe0e4bdde1c349155998391ca070f1f350567f Mon Sep 17 00:00:00 2001 From: Aldo Lacuku Date: Wed, 17 Jul 2024 10:28:37 +0200 Subject: [PATCH] update(config/cluster): adjust iam role for autoscaler Signed-off-by: Aldo Lacuku --- config/clusters/iam.tf | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/config/clusters/iam.tf b/config/clusters/iam.tf index 9d89739df3..12eceb77d9 100644 --- a/config/clusters/iam.tf +++ b/config/clusters/iam.tf @@ -35,14 +35,27 @@ data "aws_iam_policy_document" "cluster_autoscaler_policy_doc" { statement { effect = "Allow" resources = ["*"] + actions = [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeTags", + "autoscaling:DescribeScalingActivities", + "ec2:DescribeImages", + "ec2:DescribeInstanceTypes", + "ec2:DescribeLaunchTemplateVersions", + "ec2:GetInstanceTypesFromInstanceRequirements", + "eks:DescribeNodegroup", + ] + } + + statement { + effect = "Allow" + resources = ["*"] + + actions = [ "autoscaling:SetDesiredCapacity", "autoscaling:TerminateInstanceInAutoScalingGroup", - "ec2:DescribeLaunchTemplateVersions" ] } }