terraform: fix aws worker node permission (#1683)

2025-02-25 09:11:24 -05:00 · 2023-04-27 11:52:32 +02:00 · 2023-04-27 11:52:32 +02:00 · 074844d0cb
commit 074844d0cb
parent 1bdf410b52
1 changed files with 31 additions and 1 deletions
--- a/cli/internal/terraform/terraform/iam/aws/main.tf
+++ b/cli/internal/terraform/terraform/iam/aws/main.tf
@ -130,7 +130,7 @@ resource "aws_iam_role_policy_attachment" "attach_control_plane_policy" {
 resource "aws_iam_instance_profile" "worker_node_instance_profile" {
  name = "${var.name_prefix}_worker_node_instance_profile"
-  role = aws_iam_role.control_plane_role.name
+  role = aws_iam_role.worker_node_role.name
 }
 resource "aws_iam_role" "worker_node_role" {
@ -190,3 +190,33 @@ resource "aws_iam_role_policy_attachment" "attach_worker_node_policy" {
  role       = aws_iam_role.worker_node_role.name
  policy_arn = aws_iam_policy.worker_node_policy.arn
 }
 // Add all permissions here, which are needed by the bootstrapper
 resource "aws_iam_policy" "constellation_bootstrapper_policy" {
  name   = "${var.name_prefix}_constellation_bootstrapper_policy"
  policy = <<EOF
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancers"
      ],
      "Resource": "*"
    }
  ]
 }
 EOF
 }
 resource "aws_iam_role_policy_attachment" "attach_bootstrapper_policy_worker" {
  role       = aws_iam_role.worker_node_role.name
  policy_arn = aws_iam_policy.constellation_bootstrapper_policy.arn
 }
 resource "aws_iam_role_policy_attachment" "attach_bootstrapper_policy_control_plane" {
  role       = aws_iam_role.control_plane_role.name
  policy_arn = aws_iam_policy.constellation_bootstrapper_policy.arn
 }