terraform: add necessary IAM permissions for AWS

2024-12-25 15:39:37 -05:00 · 2022-10-24 23:35:51 +02:00 · 2022-10-24 23:35:51 +02:00 · d979aeea2d
commit d979aeea2d
parent be2b38f2ac
1 changed files with 10 additions and 2 deletions
--- a/hack/terraform/aws/iam/main.tf
+++ b/hack/terraform/aws/iam/main.tf
@ -105,7 +105,11 @@ resource "aws_iam_policy" "control_plane_policy" {
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
        "iam:CreateServiceLinkedRole",
-        "kms:DescribeKey"
+        "kms:DescribeKey",
        "logs:DescribeLogGroups",
        "logs:ListTagsLogGroup",
        "logs:CreateLogStream",
        "tag:GetResources"
      ],
      "Resource": [
        "*"
@ -164,7 +168,11 @@ resource "aws_iam_policy" "worker_node_policy" {
        "ecr:GetRepositoryPolicy",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
-        "ecr:BatchGetImage"
+        "ecr:BatchGetImage",
        "logs:DescribeLogGroups",
        "logs:ListTagsLogGroup",
        "logs:CreateLogStream",
        "tag:GetResources"
      ],
      "Resource": "*"
    }