From 1fa003bee12414422157066cdd4b73aaa5da927d Mon Sep 17 00:00:00 2001 From: Sunny Date: Mon, 23 Dec 2024 13:38:45 +0000 Subject: [PATCH] test/int: Grant new permissions needed by AWS infra terraform-aws-eks version v20.31.4 introduced new tag policies that require extra permissions. Refer https://github.com/terraform-aws-modules/terraform-aws-eks/releases/tag/v20.31.4. Signed-off-by: Sunny --- tests/integration/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/integration/README.md b/tests/integration/README.md index 462c474e..ce73f1bb 100644 --- a/tests/integration/README.md +++ b/tests/integration/README.md @@ -111,16 +111,22 @@ provisioning the infrastructure and running the tests: "eks:UpdateNodegroupVersion", "iam:AttachRolePolicy", "iam:CreateOpenIDConnectProvider", + "iam:CreatePolicy", "iam:CreateRole", "iam:DeleteOpenIDConnectProvider", + "iam:DeletePolicy", "iam:DeleteRole", "iam:DetachRolePolicy", "iam:GetOpenIDConnectProvider", + "iam:GetPolicy", + "iam:GetPolicyVersion", "iam:GetRole", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:TagOpenIDConnectProvider", + "iam:TagPolicy", "iam:TagRole", "ssm:GetParameters" ], @@ -250,16 +256,22 @@ module "aws_gh_actions" { "eks:UpdateNodegroupVersion", "iam:AttachRolePolicy", "iam:CreateOpenIDConnectProvider", + "iam:CreatePolicy", "iam:CreateRole", "iam:DeleteOpenIDConnectProvider", + "iam:DeletePolicy", "iam:DeleteRole", "iam:DetachRolePolicy", "iam:GetOpenIDConnectProvider", + "iam:GetPolicy", + "iam:GetPolicyVersion", "iam:GetRole", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:TagOpenIDConnectProvider", + "iam:TagPolicy", "iam:TagRole", "ssm:GetParameters" ]