Skip to content

Commit

Permalink
Fix permission to allow ingress creation
Browse files Browse the repository at this point in the history
  • Loading branch information
@discordianfish
discordianfish committed Jan 22, 2018
1 parent 8a509f2 commit e3cf1d2
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions kubernetes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -780,17 +780,25 @@ Resources:
- "ec2:CreateTags" # these should be scoped.
Resource:
- "*"
- Effect: Allow
Action:
- "ec2:ModifyInstanceAttribute"
- "ec2:AuthorizeSecurityGroup*" # k8s needs to run this on the k8s managed and stack SG below
Resource:
- "*"
Condition:
StringEquals:
"ec2:ResourceTag/aws:cloudformation:stack-id": !Ref AWS::StackId
- Effect: Allow
Action:
- "ec2:AuthorizeSecurityGroup*"
- "ec2:DeleteSecurityGroup"
- "ec2:ModifyInstanceAttribute"
- "ec2:DeleteRoute"
Resource:
- "*"
Condition:
StringEquals:
"ec2:ResourceTag/aws:cloudformation:stack-id": !Ref AWS::StackId
"ec2:ResourceTag/KubernetesCluster": !Ref DomainName
- Effect: Allow
Action:
- "autoscaling:SetDesiredCapacity"
Expand Down

0 comments on commit e3cf1d2

Please sign in to comment.