EPMDEDP-16736: chore: Update EBS CSI Driver IAM policy to AmazonEBSCSIDriverPolicyV2

AlexeyGol · AlexeyGol · commit 62919a6e3aa2 · 2026-05-04T17:49:19.000+03:00
- Migrate from deprecated AmazonEBSCSIDriverPolicy (v1) to the newer  AmazonEBSCSIDriverPolicyV2 managed policy
  - V2 is AWS's recommended least-privilege policy for EBS CSI Driver
diff --git a/eks/irsa.tf b/eks/irsa.tf
@@ -11,7 +11,7 @@ module "aws_ebs_csi_driver_irsa" {
   permissions_boundary = var.role_permissions_boundary_arn
   use_name_prefix      = false
   policies = {
-    AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+    AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/AmazonEBSCSIDriverPolicyV2"
   }
 
   oidc_providers = {

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ module "aws_ebs_csi_driver_irsa" {`
`11`	`11`	`permissions_boundary = var.role_permissions_boundary_arn`
`12`	`12`	`use_name_prefix = false`
`13`	`13`	`policies = {`
`14`		`- AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"`
	`14`	`+ AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/AmazonEBSCSIDriverPolicyV2"`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`oidc_providers = {`