@@ -141,6 +141,7 @@ partial_name: eks-pod-identity-prerequisites
141141 - The following policies must be assigned to the IAM role created for the Palette identity service (for example,
142142 ` SpectroCloudIdentityRole ` ).
143143
144+ - Replace ` <aws-account-id> ` with your AWS account ID.
144145 - Replace ` <role-name-for-palette-iam-role> ` with the name of the IAM role created for Palette (for example,
145146 ` SpectroCloudRole ` ).
146147
@@ -151,25 +152,46 @@ partial_name: eks-pod-identity-prerequisites
151152 "Version" : " 2012-10-17"
152153 "Statement" : [
153154 {
154- "Sid" : " EKS Pod Identity Management "
155+ "Sid" : " EKSPodIdentityManagement "
155156 "Effect" : " Allow"
156157 "Action" : [
157158 " eks:ListPodIdentityAssociations"
158159 " eks:CreatePodIdentityAssociation"
159160 " eks:DeletePodIdentityAssociation"
160161 ],
161- "Resource" : [" arn:aws:eks:*:*:cluster/*"
162+ "Resource" : [
163+ " *"
164+ ]
162165 },
163166 {
164- "Sid" : " IAM PassRole for Pod Identity "
167+ "Sid" : " EC2 "
165168 "Effect" : " Allow"
166- "Action" : [" iam:PassRole"
167- "Resource" : [" arn:aws:iam::*:role/<role-name-for-palette-iam-role>"
168- "Condition" : {
169- "StringLike" : {
170- "iam:PassedToService" : " eks.amazonaws.com"
171- }
172- }
169+ "Action" : [
170+ " ec2:DescribeInstances"
171+ ],
172+ "Resource" : [
173+ " *"
174+ ]
175+ },
176+ {
177+ "Sid" : " IAM"
178+ "Effect" : " Allow"
179+ "Action" : [
180+ " iam:GetRole"
181+ ],
182+ "Resource" : [
183+ " arn:aws:iam::<aws-account-id>:role/<role-name-for-palette-iam-role>"
184+ ]
185+ },
186+ {
187+ "Sid" : " IAMPassRoleforPodIdentity"
188+ "Effect" : " Allow"
189+ "Action" : [
190+ " iam:PassRole"
191+ ],
192+ "Resource" : [
193+ " arn:aws:iam::<aws-account-id>:role/<role-name-for-palette-iam-role>"
194+ ]
173195 }
174196 ]
175197 }
0 commit comments