add eks describe cluster policy

OloruntobiOlurombi · Aug 29, 2024 · b2b6b84 · b2b6b84
1 parent d777a84
commit b2b6b84
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 2 deletions.
diff --git a/.github/workflows/eks-setup.yaml b/.github/workflows/eks-setup.yaml
@@ -111,7 +111,7 @@ jobs:
           fi
 
           kubectl version --client
-          aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER_NAME }}
+          #aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER_NAME }}
         EOF
 
     - name: Verify EC2 Instance State 

diff --git a/iam_roles.tf b/iam_roles.tf
@@ -97,4 +97,27 @@ resource "aws_iam_role_policy_attachment" "eks_cni_policy_attachment" {
 resource "aws_iam_role_policy_attachment" "ec2_container_registry_readonly" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
   role       = aws_iam_role.eks_node_group_role.name
-}
+}
+
+# Create a Policy That Allows The eks:DescribeCluster Action
+
+resource "aws_iam_policy" "eks_describe_cluster_policy" {
+  name        = var.eks_describe_cluster_policy_name
+  description = "Policy to allow describing EKS clusters"
+  policy      = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action   = "eks:DescribeCluster"
+        Effect   = "Allow"
+        Resource = "arn:aws:eks:${var.region}:${data.aws_caller_identity.current.account_id}:cluster/${var.cluster_name}"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "eks_describe_cluster_policy_attachment" {
+  role       = aws_iam_role.ec2_instance_role.name
+  policy_arn = aws_iam_policy.eks_describe_cluster_policy.arn
+}
+
diff --git a/variables.tf b/variables.tf
@@ -176,4 +176,9 @@ variable "eks_cluster_role_name" {
 variable "eks_node_group_role_name" {
     type = string 
     default = "eks-node-group-role"
+}
+
+variable "eks_describe_cluster_policy_name" {
+    type = string 
+    default = "eks-describe-cluster-policy"
 }