Skip to content

Commit

Permalink
Merge pull request #300 from sassoftware/PSKD-678
Browse files Browse the repository at this point in the history
fix: (PSKD-678) viya4-aws-iac creates an incomplete IAM policy for the autoscaler Service Account
  • Loading branch information
undr-rowr authored Sep 6, 2024
2 parents 8718e08 + e10d5c7 commit f50549f
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions modules/aws_autoscaling/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@


# Permissions based off the IAM Policy recommended by kubernetes/autoscaler
# https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.25.0/cluster-autoscaler/cloudprovider/aws/README.md
# https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.36.0/cluster-autoscaler/cloudprovider/aws/README.md
data "aws_iam_policy_document" "worker_autoscaling" {
statement {
sid = "eksWorkerAutoscalingAll"
Expand All @@ -17,6 +17,9 @@ data "aws_iam_policy_document" "worker_autoscaling" {
"autoscaling:DescribeTags",
"ec2:DescribeInstanceTypes",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeImages",
"ec2:GetInstanceTypesFromInstanceRequirements",
"eks:DescribeNodegroup"
]

resources = ["*"]
Expand All @@ -29,10 +32,7 @@ data "aws_iam_policy_document" "worker_autoscaling" {
actions = [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"ec2:DescribeImages",
"ec2:GetInstanceTypesFromInstanceRequirements",
"eks:DescribeNodegroup"
"autoscaling:UpdateAutoScalingGroup"
]

resources = ["*"]
Expand Down

0 comments on commit f50549f

Please sign in to comment.