From 8632213c9badd98becbfd8c2809a1d1e006899a7 Mon Sep 17 00:00:00 2001 From: Kishor Joshi Date: Wed, 22 Feb 2023 19:59:06 -0800 Subject: [PATCH] update IAM policy template (#3046) * update IAM policy template * Update docs/install/iam_policy_us-gov.json Co-authored-by: Joey Stout * Update docs/install/iam_policy_cn.json Co-authored-by: Joey Stout * fix upstream prow tests for 2.4 branch set ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.20, since 2.4 branch uses go 1.19 --------- Co-authored-by: Jeff Nelson Co-authored-by: Joey Stout --- docs/install/iam_policy.json | 22 ++++++++++++++++++++++ docs/install/iam_policy_cn.json | 22 ++++++++++++++++++++++ docs/install/iam_policy_us-gov.json | 22 ++++++++++++++++++++++ 3 files changed, 66 insertions(+) diff --git a/docs/install/iam_policy.json b/docs/install/iam_policy.json index a8d47c8ba..25293bfb8 100644 --- a/docs/install/iam_policy.json +++ b/docs/install/iam_policy.json @@ -177,6 +177,28 @@ "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" ] }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags" + ], + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "StringEquals": { + "elasticloadbalancing:CreateAction": [ + "CreateTargetGroup", + "CreateLoadBalancer" + ] + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, { "Effect": "Allow", "Action": [ diff --git a/docs/install/iam_policy_cn.json b/docs/install/iam_policy_cn.json index f545a2a35..a0d5edd5c 100644 --- a/docs/install/iam_policy_cn.json +++ b/docs/install/iam_policy_cn.json @@ -177,6 +177,28 @@ "arn:aws-cn:elasticloadbalancing:*:*:listener-rule/app/*/*/*" ] }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags" + ], + "Resource": [ + "arn:aws-cn:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws-cn:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws-cn:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "StringEquals": { + "elasticloadbalancing:CreateAction": [ + "CreateTargetGroup", + "CreateLoadBalancer" + ] + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, { "Effect": "Allow", "Action": [ diff --git a/docs/install/iam_policy_us-gov.json b/docs/install/iam_policy_us-gov.json index f6acb4ead..85a4ba214 100644 --- a/docs/install/iam_policy_us-gov.json +++ b/docs/install/iam_policy_us-gov.json @@ -177,6 +177,28 @@ "arn:aws-us-gov:elasticloadbalancing:*:*:listener-rule/app/*/*/*" ] }, + { + "Effect": "Allow", + "Action": [ + "elasticloadbalancing:AddTags" + ], + "Resource": [ + "arn:aws-us-gov:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws-us-gov:elasticloadbalancing:*:*:loadbalancer/net/*/*", + "arn:aws-us-gov:elasticloadbalancing:*:*:loadbalancer/app/*/*" + ], + "Condition": { + "StringEquals": { + "elasticloadbalancing:CreateAction": [ + "CreateTargetGroup", + "CreateLoadBalancer" + ] + }, + "Null": { + "aws:RequestTag/elbv2.k8s.aws/cluster": "false" + } + } + }, { "Effect": "Allow", "Action": [