diff --git a/hack/terraform/aws/iam/main.tf b/hack/terraform/aws/iam/main.tf index fbd215681..d9574c242 100644 --- a/hack/terraform/aws/iam/main.tf +++ b/hack/terraform/aws/iam/main.tf @@ -105,7 +105,11 @@ resource "aws_iam_policy" "control_plane_policy" { "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", "iam:CreateServiceLinkedRole", - "kms:DescribeKey" + "kms:DescribeKey", + "logs:DescribeLogGroups", + "logs:ListTagsLogGroup", + "logs:CreateLogStream", + "tag:GetResources" ], "Resource": [ "*" @@ -164,7 +168,11 @@ resource "aws_iam_policy" "worker_node_policy" { "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "logs:DescribeLogGroups", + "logs:ListTagsLogGroup", + "logs:CreateLogStream", + "tag:GetResources" ], "Resource": "*" }