From 97a0294806236b56ca2ce514e46b74c47e18e0b6 Mon Sep 17 00:00:00 2001
From: MAMIP Bot
Date: Fri, 1 Nov 2024 22:05:22 +0000
Subject: [PATCH] Update detected
---
policies/AmazonEKSComputePolicy | 95 +++++++++++++++++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100644 policies/AmazonEKSComputePolicy
diff --git a/policies/AmazonEKSComputePolicy b/policies/AmazonEKSComputePolicy
new file mode 100644
index 0000000000..378be53f70
--- /dev/null
+++ b/policies/AmazonEKSComputePolicy
@@ -0,0 +1,95 @@
+{
+ "PolicyVersion": {
+ "CreateDate": "2024-11-01T21:46:52Z",
+ "VersionId": "v1",
+ "Document": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": [
+ "ec2:CreateFleet",
+ "ec2:RunInstances"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*::image/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:subnet/*"
+ ],
+ "Effect": "Allow"
+ },
+ {
+ "Action": [
+ "ec2:CreateFleet",
+ "ec2:RunInstances"
+ ],
+ "Resource": "arn:aws:ec2:*:*:launch-template/*",
+ "Effect": "Allow",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Action": [
+ "ec2:CreateFleet",
+ "ec2:RunInstances",
+ "ec2:CreateLaunchTemplate"
+ ],
+ "Resource": "*",
+ "Effect": "Allow",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/eks:kubernetes-node-class-name": "*",
+ "aws:RequestTag/eks:kubernetes-node-pool-name": "*"
+ },
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "eks:kubernetes-node-class-name",
+ "eks:kubernetes-node-pool-name",
+ "kubernetes.io/cluster/*"
+ ]
+ },
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Resource": "*",
+ "Effect": "Allow",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": [
+ "CreateFleet",
+ "RunInstances",
+ "CreateLaunchTemplate"
+ ]
+ }
+ }
+ },
+ {
+ "Action": "iam:AddRoleToInstanceProfile",
+ "Resource": "arn:aws:iam::*:instance-profile/eks-compute-*",
+ "Effect": "Allow"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Resource": "*",
+ "Effect": "Allow",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "ec2.amazonaws.com",
+ "ec2.amazonaws.com.cn"
+ ]
+ }
+ }
+ }
+ ]
+ },
+ "IsDefaultVersion": true
+ }
+}
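Review bot: The last statement allows `iam:PassRole` on `"Resource": "*"`, limited only by `iam:PassedToService` being `ec2.amazonaws.com` or `ec2.amazonaws.com.cn`, so a principal holding this policy can pass any role in the account whose trust policy admits EC2, not only the cluster's node role. The `iam:AddRoleToInstanceProfile` statement just above it is scoped to `instance-profile/eks-compute-*`, but that bounds the profile name rather than which role is placed in it. This file looks like a bot-captured snapshot of a managed policy, so the narrowing probably cannot be made here; where the policy is attached, a permissions boundary or SCP that restricts PassRole to the intended node roles, e.g. `"Resource": "arn:aws:iam::<ACCOUNT_ID_PLACEHOLDER>:role/<NODE_ROLE_NAME_PLACEHOLDER>"`, would cover it. Alerting on `AddRoleToInstanceProfile`, `RunInstances` and `CreateLaunchTemplate` events from this principal that reference an unexpected role or instance profile is a reasonable compensating control.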