Add eks:UpdateClusterConfig permission

aws · Oct 17, 2023 · 655ff10 · 655ff10
1 parent b4d4ea3
commit 655ff10
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/.github/actions/e2e/create-cluster/action.yaml b/.github/actions/e2e/create-cluster/action.yaml
@@ -113,6 +113,10 @@ runs:
           - key: CriticalAddonsOnly
             value: "true"
             effect: NoSchedule
+      cloudWatch:
+        clusterLogging:
+          enableTypes: ["*"]
+          logRetentionInDays: 30
       iam:
         serviceRolePermissionsBoundary: "arn:aws:iam::${{ inputs.account_id }}:policy/GithubActionsPermissionsBoundary"
         serviceAccounts:
@@ -162,13 +166,6 @@ runs:
       arn="arn:aws:iam::${{ inputs.account_id }}:oidc-provider/${oidc_id}"
       aws iam tag-open-id-connect-provider --open-id-connect-provider-arn $arn \
          --tags Key=testing/type,Value=e2e  Key=github.com/run-url,Value=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
-  - name: enable control-plane logging for the cluster
-    shell: bash
-    run: |
-      aws eks update-cluster-config \
-        --region ${{ inputs.region }} \
-        --name ${{ inputs.cluster_name }} \
-        --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'
   - name: give KarpenterNodeRole permission to bootstrap
     shell: bash
     run: |

diff --git a/test/cloudformation/iam_cloudformation.yaml b/test/cloudformation/iam_cloudformation.yaml
@@ -144,6 +144,7 @@ Resources:
               - eks:CreateCluster
               - eks:CreateAddon
               - eks:CreateNodegroup
+              - eks:UpdateClusterConfig
               - eks:DeleteCluster
               - eks:ListFargateProfiles
               - eks:TagResource