Skip to content

Commit

Permalink
test: Add Upgrade Permissions to IAM and Scope Policy (aws#4100)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jonathan-innis
jonathan-innis authored Jun 21, 2023
1 parent 90165ec commit d32ffa7
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions test/gha/cloudformation/iam_cloudformation.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,10 @@ Resources:
- iam:CreatePolicy
- iam:DeletePolicy
- iam:GetPolicy
- iam:CreatePolicyVersion
- iam:DeletePolicyVersion
- iam:ListPolicyVersions
Resource: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/*"
Resource: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/KarpenterControllerPolicy-*"
- Effect: Allow
Action:
- cloudformation:CreateChangeSet
Expand All @@ -96,9 +98,13 @@ Resources:
- cloudformation:DescribeStacks
- cloudformation:DescribeStackEvents
- cloudformation:ExecuteChangeSet
- cloudformation:ListStacks
- cloudformation:GetTemplate
- cloudformation:GetTemplateSummary
Resource:
- !Sub "arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/iam-*"
- !Sub "arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/eksctl-*"
- Effect: Allow
Action: cloudformation:ListStacks
Resource: !Sub "arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/*"
- Effect: Allow
Action:
Expand Down

0 comments on commit d32ffa7

Please sign in to comment.