68ea8ad437
The AWS IAM profiles and policies required to run Kargo on AWS are no longer hosted in the kubernetes main repo since kube-up got deprecated. Hence we have to move the files into the kargo repository.
45 lines
885 B
JSON
45 lines
885 B
JSON
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": "s3:*",
|
|
"Resource": [
|
|
"arn:aws:s3:::kubernetes-*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": "ec2:Describe*",
|
|
"Resource": "*"
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": "ec2:AttachVolume",
|
|
"Resource": "*"
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": "ec2:DetachVolume",
|
|
"Resource": "*"
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": ["route53:*"],
|
|
"Resource": ["*"]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"ecr:GetAuthorizationToken",
|
|
"ecr:BatchCheckLayerAvailability",
|
|
"ecr:GetDownloadUrlForLayer",
|
|
"ecr:GetRepositoryPolicy",
|
|
"ecr:DescribeRepositories",
|
|
"ecr:ListImages",
|
|
"ecr:BatchGetImage"
|
|
],
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|