Merge pull request #22 from /issues/19-doc-iam-policies

Document IAM policies and link to sample manifest

README.md

@@ -13,6 +13,22 @@ configured by [eksctl](https://eksctl.io) through GitOps.
 - [Fluentd](https://www.fluentd.org/) & Amazon's [CloudWatch agent](https://aws.amazon.com/cloudwatch/) -- for cluster & containers' [log collection, aggregation & analytics in CloudWatch](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-logs.html).
 - [podinfo](https://github.com/stefanprodan/podinfo) --  a toy demo application.
 
+## Pre-requisites
+
+A running EKS cluster with [IAM policies](https://eksctl.io/usage/iam-policies/) for:
+
+- ALB ingress
+- auto-scaler
+- CloudWatch
+
+[Here](https://github.com/weaveworks/eksctl/blob/master/examples/eks-quickstart-app-dev.yaml) is a sample `ClusterConfig` manifest that shows how to enable these policies.
+
+**N.B.**: policies are configured at node group level.
+Therefore, depending on your use-case, you may want to:
+
+- add these policies to all node groups,
+- add [node selectors](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) to the ALB ingress, auto-scaler and CloudWatch pods, so that they are deployed on the nodes configured with these policies.
+
 ## Get in touch
 
 [Create an issue](https://github.com/weaveworks/eks-quickstart-app-dev/issues/new), or