This is an AWS IAM Policy with all the minimum permissions to let Jenkins X Boot work on EKS
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "dynamodb:CreateTable", | |
| "s3:GetObject", | |
| "cloudformation:ListStacks", | |
| "cloudformation:DescribeStackEvents", | |
| "dynamodb:DescribeTable", | |
| "s3:CreateBucket", | |
| "kms:CreateKey", | |
| "s3:ListBucket", | |
| "s3:PutBucketVersioning", | |
| "cloudformation:DescribeStacks" | |
| ], | |
| "Resource": "*" | |
| }, | |
| { | |
| "Sid": "VisualEditor1", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "iam:GetRole", | |
| "iam:GetPolicy", | |
| "ecr:CreateRepository", | |
| "iam:AttachUserPolicy", | |
| "iam:CreateRole", | |
| "iam:DeleteRole", | |
| "iam:AttachRolePolicy", | |
| "iam:CreateAccessKey", | |
| "iam:CreateOpenIDConnectProvider", | |
| "iam:CreatePolicy", | |
| "iam:DetachRolePolicy", | |
| "cloudformation:CreateStack", | |
| "cloudformation:DeleteStack", | |
| "ecr:DescribeRepositories", | |
| "iam:GetOpenIDConnectProvider" | |
| ], | |
| "Resource": [ | |
| "arn:aws:iam::*:policy/CFN*", | |
| "arn:aws:iam::*:policy/*jenkins-x-vault*", | |
| "arn:aws:iam::*:oidc-provider/*", | |
| "arn:aws:iam::*:role/*addon-iamserviceaccoun*", | |
| "arn:aws:iam::*:user/*", | |
| "arn:aws:ecr:*:*:repository/*", | |
| "arn:aws:cloudformation:*:*:stack/JenkinsXPolicies*/*", | |
| "arn:aws:cloudformation:*:*:stack/*addon-iamserviceaccount*/*", | |
| "arn:aws:cloudformation:*:*:stack/*jenkins-x-vault*/*" | |
| ] | |
| }, | |
| { | |
| "Sid": "VisualEditor2", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "iam:CreatePolicy", | |
| "iam:DetachRolePolicy", | |
| "iam:GetPolicy", | |
| "iam:CreateRole", | |
| "iam:AttachRolePolicy", | |
| "iam:GetOpenIDConnectProvider", | |
| "iam:CreateOpenIDConnectProvider" | |
| ], | |
| "Resource": [ | |
| "arn:aws:iam::*:oidc-provider/*", | |
| "arn:aws:iam::*:role/*addon-iamserviceaccoun*", | |
| "arn:aws:iam::*:policy/CFN*" | |
| ] | |
| }, | |
| { | |
| "Sid": "VisualEditor3", | |
| "Effect": "Allow", | |
| "Action": "eks:*", | |
| "Resource": [ | |
| "arn:aws:eks:*:*:fargateprofile/*/*/*", | |
| "arn:aws:eks:*:*:cluster/*", | |
| "arn:aws:eks:*:*:nodegroup/*/*/*" | |
| ] | |
| } | |
| ] | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment