Permissions for @turbot/aws-eks
Taking a look at permissions and associated grant levels for each permission for EKS:
| Permission | Grant Level | Help |
|---|---|---|
| ec2:DescribeSecurityGroups | Metadata | |
| ec2:DescribeSubnets | Metadata | |
| ec2:DescribeVpcs | Metadata | |
| eks:CreateCluster | Admin | Admins can create an Amazon EKS control plane. |
| eks:CreateFargateProfile | Admin | |
| eks:CreateNodegroup | Admin | |
| eks:DeleteCluster | Admin | |
| eks:DeleteFargateProfile | Admin | |
| eks:DeleteNodegroup | Admin | |
| eks:DescribeCluster | Metadata | |
| eks:DescribeFargateProfile | Metadata | |
| eks:DescribeNodegroup | Metadata | |
| eks:DescribeUpdate | Metadata | |
| eks:ListClusters | Metadata | |
| eks:ListFargateProfiles | Metadata | |
| eks:ListNodegroups | Metadata | |
| eks:ListTagsForResource | Metadata | |
| eks:ListUpdates | Metadata | |
| eks:TagResource | Operator | |
| eks:UntagResource | Operator | |
| eks:UpdateClusterConfig | Operator | |
| eks:UpdateClusterVersion | Admin | |
| eks:UpdateNodegroupConfig | Admin | |
| eks:UpdateNodegroupVersion | Admin | |
| iam:ListRoles | Metadata | |
| iam:PassRole | Admin | Admins can associate an existing EKS service-linked role to create a cluster. |