From e10d5c7505fae1670e7d0f8c5eb9ec5f31286789 Mon Sep 17 00:00:00 2001
From: Ian Dominno
Date: Fri, 6 Sep 2024 14:46:59 -0400
Subject: [PATCH] fix: (PSKD-678) viya4-aws-iac creates an incomplete IAM policy for the autoscaler Service Account
---
 modules/aws_autoscaling/main.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/aws_autoscaling/main.tf b/modules/aws_autoscaling/main.tf
index 6db3fa0..a5aaa84 100644
--- a/modules/aws_autoscaling/main.tf
+++ b/modules/aws_autoscaling/main.tf
@@ -3,7 +3,7 @@
 # Permissions based off the IAM Policy recommended by kubernetes/autoscaler
-# https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.25.0/cluster-autoscaler/cloudprovider/aws/README.md
+# https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.36.0/cluster-autoscaler/cloudprovider/aws/README.md
 data "aws_iam_policy_document" "worker_autoscaling" {
 statement {
 sid = "eksWorkerAutoscalingAll"
@@ -17,6 +17,9 @@ data "aws_iam_policy_document" "worker_autoscaling" {
 "autoscaling:DescribeTags",
 "ec2:DescribeInstanceTypes",
 "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeImages",
+ "ec2:GetInstanceTypesFromInstanceRequirements",
+ "eks:DescribeNodegroup"
 ]
 resources = ["*"]
@@ -29,10 +32,7 @@ data "aws_iam_policy_document" "worker_autoscaling" {
 actions = [
 "autoscaling:SetDesiredCapacity",
 "autoscaling:TerminateInstanceInAutoScalingGroup",
- "autoscaling:UpdateAutoScalingGroup",
- "ec2:DescribeImages",
- "ec2:GetInstanceTypesFromInstanceRequirements",
- "eks:DescribeNodegroup"
+ "autoscaling:UpdateAutoScalingGroup"
 ]
 resources = ["*"]
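Review bot: `eks:DescribeNodegroup` is added to the `eksWorkerAutoscalingAll` statement under `resources = ["*"]`, but unlike the two EC2 read actions it supports resource-level permissions, so it can be limited to this cluster's node groups. Consider moving it into its own statement with `resources = ["arn:<partition>:eks:<region>:<account-id>:nodegroup/<cluster-name>/*/*"]` (placeholders), built from whatever cluster name the module already receives. The rest of this statement lies outside the hunk, so confirm that no `condition` block is attached to it. A condition on an Auto Scaling tag key would keep the EC2 and EKS actions from ever matching, which appears to be the gap this commit closes. In the third hunk, the three mutating `autoscaling:*` actions stay on `resources = ["*"]`, so their scoping depends entirely on a condition that is not visible here and is worth re-checking.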