From 52cca4fb67bfc7e8d1870b7edc8f96c4f528b3c6 Mon Sep 17 00:00:00 2001
From: vchintal
Date: Tue, 24 Oct 2023 10:28:45 -0700
Subject: [PATCH] Minimizing the scope of Client EC2 privileges
---
 patterns/privatelink-access/client.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/patterns/privatelink-access/client.tf b/patterns/privatelink-access/client.tf
index 7e82674496..ff0ad87691 100644
--- a/patterns/privatelink-access/client.tf
+++ b/patterns/privatelink-access/client.tf
@@ -82,7 +82,8 @@ resource "aws_iam_policy" "eks_full_access_policy" {
 Statement = [
 {
 Action = [
- "eks:*"
+ "eks:DescribeCluster",
+ "eks:ListClusters"
 ]
 Effect = "Allow"
 Resource = module.eks.cluster_arn
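Review bot: The added `"eks:ListClusters"` shares a statement with `Resource = module.eks.cluster_arn`, but that action does not support resource-level permissions, so the statement most likely grants only `eks:DescribeCluster` and list calls from the client instance would still be denied. If the client only needs to build a kubeconfig for this one cluster, drop `"eks:ListClusters"`. Otherwise move it to its own statement: `{ Action = ["eks:ListClusters"], Effect = "Allow", Resource = "*" }`. The resource is still named `eks_full_access_policy` although it no longer grants `eks:*`; since renaming changes the Terraform address, a comment such as `# read-only: describe (and list) EKS clusters for kubeconfig generation` above the statement would at least keep the name from misleading an auditor. The resource block begins and ends outside this hunk, so the policy's `name` argument and its attachment are not visible here.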