Skip to content

Commit 799638e

Browse files
ValyaBValyaB
authored
KUBE-1690: Add IAM permissions for AWS capacity reservations (#642)
* Add IAM permissions for AWS capacity reservations
1 parent 2c6ee84 commit 799638e

File tree

2 files changed

+56
-8
lines changed

2 files changed

+56
-8
lines changed

castai/policies/iam-policy.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,9 @@
2929
"Action": [
3030
"iam:CreateServiceLinkedRole",
3131
"ec2:CreateKeyPair",
32-
"ec2:DeleteKeyPair",
3332
"ec2:CreateTags",
33+
"ec2:DeleteKeyPair",
34+
"ec2:DescribeCapacityReservations",
3435
"ec2:ImportKeyPair"
3536
],
3637
"Resource": "*"
@@ -40,10 +41,11 @@
4041
"Effect": "Allow",
4142
"Action": "ec2:RunInstances",
4243
"Resource": [
44+
"arn:{{ .Partition }}:ec2:*:{{ .AccountNumber }}:capacity-reservation/*",
45+
"arn:{{ .Partition }}:ec2:*:{{ .AccountNumber }}:key-pair/*",
4346
"arn:{{ .Partition }}:ec2:*:{{ .AccountNumber }}:network-interface/*",
4447
"arn:{{ .Partition }}:ec2:*:{{ .AccountNumber }}:security-group/*",
4548
"arn:{{ .Partition }}:ec2:*:{{ .AccountNumber }}:volume/*",
46-
"arn:{{ .Partition }}:ec2:*:{{ .AccountNumber }}:key-pair/*",
4749
"arn:{{ .Partition }}:ec2:*::image/*"
4850
]
4951
}

castai/sdk/api.gen.go

Lines changed: 52 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)