sparse-intern-71089
12/15/2021, 10:31 AMsparse-spring-91820
12/15/2021, 11:18 AMconst sesPolicy = JSON.stringify({
Version: '2012-10-17',
Statement: [{
Sid: 'EksClusterSesPermissions',
Action: ['ses:*'],
Effect: 'Allow',
Resource: '*'
}]
});
const clusterRole = new aws.iam.Role('cluster-role', {
name: 'my-cluster-role',
assumeRolePolicy: sesPolicy
});
const cluster = new eks.Cluster('cluster', {
name: 'my-eks-cluster',
vpcId: vpc.id,
publicSubnetIds: vpc.publicSubnetIds,
privateSubnetIds: vpc.privateSubnetIds,
desiredCapacity: 2,
minSize: 1,
maxSize: 3,
instanceRole: clusterRole
});
And run pulumi preview
command I get the following output (image below) like I would loose existing node roles which are applied to cluster nodes by default. Will that effect anything?sparse-spring-91820
12/15/2021, 12:26 PMconst sesPolicy = new aws.iam.Policy('ses-policy', {
description: 'EKS cluster SES permissions',
policy: JSON.stringify({
Version: '2012-10-17',
Statement: [{
Sid: 'EksClusterSesPermissions',
Action: ['ses:*'],
Effect: 'Allow',
Resource: '*'
}]
})
});
const cluster = new eks.Cluster('cluster', {
name: 'my-eks-cluster',
vpcId: vpc.id,
publicSubnetIds: vpc.publicSubnetIds,
privateSubnetIds: vpc.privateSubnetIds,
desiredCapacity: 2,
minSize: 1,
maxSize: 3
});
cluster.instanceRoles.apply(attachSesPolicy);
function attachSesPolicy(roles) {
const [role] = roles;
const attachment = new aws.iam.RolePolicyAttachment('ses-policy-attach', {
role: role.name,
policyArn: sesPolicy.arn
});
}
With this approach only will ses policy be added and no roles will be deleted as with the approach 1 i posted abovelimited-army-96747
12/15/2021, 12:46 PMlimited-army-96747
12/15/2021, 12:47 PM{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
},
"Action": "sts:AssumeRole"
}
]
}
limited-army-96747
12/15/2021, 12:47 PMiam.RolePolicyAttachment
limited-army-96747
12/15/2021, 12:49 PMlimited-army-96747
12/15/2021, 12:49 PMsparse-spring-91820
12/16/2021, 11:57 AMsparse-spring-91820
12/16/2021, 11:58 AMinstanceRoles
reuqires instance profile to be specifiedlimited-army-96747
12/16/2021, 10:17 PMlimited-army-96747
12/16/2021, 10:17 PM