From d979aeea2dc2fec123887031c65f2e060745d3c6 Mon Sep 17 00:00:00 2001
From: Leonard Cohnen
Date: Mon, 24 Oct 2022 23:35:51 +0200
Subject: [PATCH] terraform: add necessary IAM permissions for AWS
---
 hack/terraform/aws/iam/main.tf | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/hack/terraform/aws/iam/main.tf b/hack/terraform/aws/iam/main.tf
index fbd215681..d9574c242 100644
--- a/hack/terraform/aws/iam/main.tf
+++ b/hack/terraform/aws/iam/main.tf
@@ -105,7 +105,11 @@ resource "aws_iam_policy" "control_plane_policy" {
 "elasticloadbalancing:DeregisterTargets",
 "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
 "iam:CreateServiceLinkedRole",
- "kms:DescribeKey"
+ "kms:DescribeKey",
+ "logs:DescribeLogGroups",
+ "logs:ListTagsLogGroup",
+ "logs:CreateLogStream",
+ "tag:GetResources"
 ],
 "Resource": [
 "*"
@@ -164,7 +168,11 @@ resource "aws_iam_policy" "worker_node_policy" {
 "ecr:GetRepositoryPolicy",
 "ecr:DescribeRepositories",
 "ecr:ListImages",
- "ecr:BatchGetImage"
+ "ecr:BatchGetImage",
+ "logs:DescribeLogGroups",
+ "logs:ListTagsLogGroup",
+ "logs:CreateLogStream",
+ "tag:GetResources"
 ],
 "Resource": "*"
 }
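Review bot: `logs:CreateLogStream` is appended to a statement whose `"Resource"` is `"*"`, so the control-plane role can create streams in every log group of the account rather than only the cluster's own. The three `logs:` actions would sit better in a separate statement scoped to the log group, for example `"Resource": "arn:aws:logs:<region>:<account-id>:log-group:<cluster-log-group>:*"` (placeholder values), while `tag:GetResources` has no resource-level scoping and has to remain on `"*"`. The same applies to the `worker_node_policy` hunk. No `logs:PutLogEvents` is visible in either hunk; if the nodes are meant to write events and it is not granted elsewhere in the file, stream creation alone will not be enough. The statement begins and ends outside the hunk, so its `Effect` and any `Condition` are not visible here.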
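Review bot: `tag:GetResources` on the worker role lets anything holding worker-node credentials list tagged resources and their tag values across the account, and this action cannot be narrowed by ARN, so the question for this hunk is whether workers need it at all. If it only serves to find the cluster's log group, the `logs:DescribeLogGroups` and `logs:ListTagsLogGroup` actions added alongside it may already cover that, and `tag:GetResources` could be dropped from `worker_node_policy`. Whichever is kept, a comment above the policy such as `# logs:* / tag:GetResources: needed by <component> to locate the cluster log group and create its stream` would record why a node role carries them. Whether workloads on the workers can reach the instance metadata endpoint is not visible here, and it determines who can effectively use these permissions.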