feat: Update karpenter permissions for making more accurate decisions…

… regarding spot deployments (#694)
aws-ia · Jun 27, 2022 · 684d9c6 · 684d9c6
1 parent 41073f6
commit 684d9c6
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/modules/kubernetes-addons/karpenter/data.tf b/modules/kubernetes-addons/karpenter/data.tf
@@ -5,20 +5,22 @@ data "aws_iam_policy_document" "karpenter" {
     resources = ["*"]
 
     actions = [
-      "ec2:CreateLaunchTemplate",
       "ec2:CreateFleet",
-      "ec2:RunInstances",
+      "ec2:CreateLaunchTemplate",
       "ec2:CreateTags",
-      "iam:PassRole",
       "ec2:DeleteLaunchTemplate",
-      "ec2:DescribeLaunchTemplates",
+      "ec2:DescribeAvailabilityZones",
       "ec2:DescribeInstances",
+      "ec2:DescribeInstanceTypeOfferings",
+      "ec2:DescribeInstanceTypes",
+      "ec2:DescribeLaunchTemplates",
       "ec2:DescribeSecurityGroups",
+      "ec2:DescribeSpotPriceHistory",
       "ec2:DescribeSubnets",
-      "ec2:DescribeInstanceTypes",
-      "ec2:DescribeInstanceTypeOfferings",
-      "ec2:DescribeAvailabilityZones",
-      "ssm:GetParameter"
+      "ec2:RunInstances",
+      "iam:PassRole",
+      "pricing:GetProducts",
+      "ssm:GetParameter",
     ]
   }