This IAM policy is required if you want to use the Controller for "Provisioning" and "Ongoing Lifecycle Management" of Amazon EKS clusters. The same policy applies to both IAM Role-based and IAM User-based Cloud Credentials. As new functionality is added, the IAM Policy will need to be updated as well, so customers should make sure that they are using the latest version.
It is possible to use a subset of this IAM Policy in scenarios where (a) certain infrastructure resources are managed directly by the customer or (b) certain EKS capabilities are not required. Please contact support for details.
| Scenario | Policy |
|---|---|
| All required AWS resources will be automatically created by the Controller | IAM Policy |
| Customer will create and manage VPC resources | IAM Policy |
| Customer will create and manage both VPC and IAM resources | IAM Policy |
| Example IAM Policy where existing VPC, IAM resources are used and with restrictions on the resources that are managed | IAM Policy |