Merge pull request #232 from tablexi/lp-update_clusterautoscaler_policy

phoolish · web-flow · commit 76b94d5ffa41 · 2023-11-07T14:13:20.000-06:00
UPDATE cluster autoscaler IAM policy
diff --git a/aws/eks/main.tf b/aws/eks/main.tf
@@ -266,6 +266,8 @@ data "aws_iam_policy_document" "cluster-autoscaler-trust-relationship" {
   }
 }
 
+# Recommended Policy
+# https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#full-cluster-autoscaler-features-policy-recommended
 data "aws_iam_policy_document" "cluster-autoscaler" {
   version = "2012-10-17"
 
@@ -274,10 +276,15 @@ data "aws_iam_policy_document" "cluster-autoscaler" {
       "autoscaling:DescribeAutoScalingGroups",
       "autoscaling:DescribeAutoScalingInstances",
       "autoscaling:DescribeLaunchConfigurations",
+      "autoscaling:DescribeScalingActivities",
       "autoscaling:DescribeTags",
+      "ec2:DescribeInstanceTypes",
+      "ec2:DescribeLaunchTemplateVersions",
       "autoscaling:SetDesiredCapacity",
       "autoscaling:TerminateInstanceInAutoScalingGroup",
-      "ec2:DescribeLaunchTemplateVersions",
+      "ec2:DescribeImages",
+      "ec2:GetInstanceTypesFromInstanceRequirements",
+      "eks:DescribeNodegroup"
     ]
     effect    = "Allow"
     resources = ["*"]
