Commit

Permalink
Use hardcoded list of services for "iam:PassedToService" condition
artem-nefedov committed Aug 29, 2024
1 parent 910a4a4 commit 140f403
Showing 12 changed files with 48 additions and 12 deletions.
Expand Up @@ -212,7 +212,10 @@ Resources:
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
},
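Review bot: The added `iam:PassedToService` array under `StringEquals` names only `ec2.amazonaws.com` and `ec2.amazonaws.com.cn`, so a deployment where `${AWS::URLSuffix}` resolved to any other suffix satisfied the removed line but no longer satisfies this condition for `iam:PassRole`. Multiple values under one condition key are ORed, so every deployment now also accepts the other suffix's service name instead of exactly one value. If both effects are intended, say in the commit message or next to the policy why the intrinsic was dropped and which suffixes are deliberately covered.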
5 changes: 4 additions & 1 deletion website/content/en/docs/reference/cloudformation.md
Expand Up @@ -375,7 +375,10 @@ This gives EC2 permission explicit permission to use the `KarpenterNodeRole-${Cl
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
}
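Review bot: The added `iam:PassedToService` array in this reference page has no accompanying prose, so a reader cannot tell why two service names are listed or that the list needs extending for any other suffix. Add a sentence to the paragraph that introduces this policy (the one shown in the hunk header, beginning "This gives EC2 permission explicit permission to use the") explaining the two values, and fix the duplicated word "permission" in that sentence while editing it.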
Expand Up @@ -212,7 +212,10 @@ Resources:
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
},
5 changes: 4 additions & 1 deletion website/content/en/preview/reference/cloudformation.md
Expand Up @@ -375,7 +375,10 @@ This gives EC2 permission explicit permission to use the `KarpenterNodeRole-${Cl
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
}
Expand Up @@ -189,7 +189,10 @@ Resources:
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
},
5 changes: 4 additions & 1 deletion website/content/en/v0.32/reference/cloudformation.md
Expand Up @@ -341,7 +341,10 @@ This gives EC2 permission explicit permission to use the `KarpenterNodeRole-${Cl
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
}
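Review bot: This edit to `website/content/en/v0.32/reference/cloudformation.md` changes the documented policy for an already published version, and the same `iam:PassedToService` array is repeated by hand in all 12 files of the commit. Confirm that the template shipped for v0.32 carries the same condition so the reference page and the template stay in agreement, and note in the commit message that changing the versioned copies is deliberate, since any later change to the list has to be made in each of them.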
Expand Up @@ -206,7 +206,10 @@ Resources:
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
},
5 changes: 4 additions & 1 deletion website/content/en/v0.36/reference/cloudformation.md
Expand Up @@ -367,7 +367,10 @@ This gives EC2 permission explicit permission to use the `KarpenterNodeRole-${Cl
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
}
Expand Up @@ -206,7 +206,10 @@ Resources:
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
},
5 changes: 4 additions & 1 deletion website/content/en/v0.37/reference/cloudformation.md
Expand Up @@ -367,7 +367,10 @@ This gives EC2 permission explicit permission to use the `KarpenterNodeRole-${Cl
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
}
Expand Up @@ -212,7 +212,10 @@ Resources:
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
},
5 changes: 4 additions & 1 deletion website/content/en/v1.0/reference/cloudformation.md
Expand Up @@ -375,7 +375,10 @@ This gives EC2 permission explicit permission to use the `KarpenterNodeRole-${Cl
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.${AWS::URLSuffix}"
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
}