From 01a4af44a58818efc82065c325ab5b421989db05 Mon Sep 17 00:00:00 2001
From: rrrkharse
Date: Thu, 4 May 2023 19:17:15 +0000
Subject: [PATCH 1/2] Add missing TagResource permission needed for EFS CSI
---
 .../kubernetes-addons/aws-efs-csi-driver/data.tf | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/data.tf b/modules/kubernetes-addons/aws-efs-csi-driver/data.tf
index eacf140092..e3e848c395 100644
--- a/modules/kubernetes-addons/aws-efs-csi-driver/data.tf
+++ b/modules/kubernetes-addons/aws-efs-csi-driver/data.tf
@@ -50,6 +50,22 @@ data "aws_iam_policy_document" "aws_efs_csi_driver" {
 }
 }
 
+ statement {
+ sid = "AllowTagResource"
+ effect = "Allow"
+ resources = [
+ "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*",
+ "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:access-point/*"
+ ]
+ actions = ["elasticfilesystem:TagResource"]
+
+ condition {
+ test = "StringLike"
+ variable = "aws:ResourceTag/efs.csi.aws.com/cluster"
+ values = ["true"]
+ }
+ }
+
 statement {
 actions = [
 "elasticfilesystem:ClientRootAccess",
From 071ca5f5e6c53376db632020cf770713fcfb9b9c Mon Sep 17 00:00:00 2001
From: Apoorva Kulkarni
Date: Thu, 4 May 2023 13:42:55 -0700
Subject: [PATCH 2/2] fix pre-commit errors
---
 ADOPTERS.md | 2 +-
 modules/kubernetes-addons/aws-efs-csi-driver/data.tf | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ADOPTERS.md b/ADOPTERS.md
index 2157e96a02..00f0e55820 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
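Review bot: The new `AllowTagResource` statement in data.tf (patch 1/2) constrains which resources may be tagged, via `aws:ResourceTag/efs.csi.aws.com/cluster`, but not which tag keys may be written, so the driver role can set or overwrite any tag on every matching file system and access point in the account and region. Where other policies authorize on tags, that is more than the driver needs; a second condition on `aws:TagKeys` would bound it, and the `file-system/*` ARN could be dropped if the driver only tags access points (not determinable from this hunk). `StringLike` against the literal `"true"` contains no wildcard, so `StringEquals` states the intent exactly. The enclosing `aws_iam_policy_document` block starts and ends outside the hunk, so whether the create statement already requires the cluster tag on the request cannot be checked here.

```hcl
  statement {
    sid = "AllowTagResource"
    # … unchanged: effect, resources, actions …

    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/efs.csi.aws.com/cluster"
      values   = ["true"]
    }

    # Limit the tag keys this role may write; confirm the list against the tags the driver is configured to apply.
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "aws:TagKeys"
      values   = ["efs.csi.aws.com/cluster"]
    }
  }
```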
@@ -13,6 +13,6 @@ If you are using EKS Blueprints for Terraform please consider adding yourself as | Organization | Description | Contacts | Link | | --- | --- | --- | --- | -| PITS Global Data Recovery Services | PITS Global Data Recovery Services is a leading global recovery company based in the United States. With a team of highly skilled and experienced data recovery experts, we are dedicated to providing top-notch data recovery services to businesses and individuals across the country. Our team understands how critical data is and takes pride in recovering lost, corrupted, or deleted files quickly and effectively. Regardless of the data loss scenario, our team of experts has the tools and expertise to get your data back.| info@pitsdatarecovery.net | https://www.pitsdatarecovery.net/ | +| PITS Global Data Recovery Services | PITS Global Data Recovery Services is a leading global recovery company based in the United States. With a team of highly skilled and experienced data recovery experts, we are dedicated to providing top-notch data recovery services to businesses and individuals across the country. Our team understands how critical data is and takes pride in recovering lost, corrupted, or deleted files quickly and effectively. Regardless of the data loss scenario, our team of experts has the tools and expertise to get your data back.| info@pitsdatarecovery.net | https://www.pitsdatarecovery.net/ | | AlgoDx AB | At AlgoDx, we are dedicated to developing and implementing clinically validated ML-based clinical decision support software that save lives and reduce costs in healthcare, primarily targeting intensive and critical care. We achieve this through the integration of our state-of-the-art AI precision medicine platform with health systems’ electronic medical records. 
| sebastian.olsson@algodx.com, info+engineering@algodx.com | https://www.algodx.com/ | | Swyft Logistics | Swyft is an award-winning, tech-enabled last-mile e-Parcel delivery service provider, primarily operating in the fashion, electronics, and personal care industries. Swyft aspires to reinvent logistics in Pakistan and connecting people beyond possibilities. Our focus is on innovation, development of technologies and processes. | abdul.rauf@swyftlogistics.com, haider.aslam@swyftlogistics.com, osama.maruf@swyftlogistics.com, | https://www.swyftlogistics.com/ | diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/data.tf b/modules/kubernetes-addons/aws-efs-csi-driver/data.tf index e3e848c395..bfc51fda0b 100644 --- a/modules/kubernetes-addons/aws-efs-csi-driver/data.tf +++ b/modules/kubernetes-addons/aws-efs-csi-driver/data.tf @@ -51,13 +51,13 @@ data "aws_iam_policy_document" "aws_efs_csi_driver" { } statement { - sid = "AllowTagResource" - effect = "Allow" + sid = "AllowTagResource" + effect = "Allow" resources = [ "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:file-system/*", "arn:${var.addon_context.aws_partition_id}:elasticfilesystem:${var.addon_context.aws_region_name}:${var.addon_context.aws_caller_identity_account_id}:access-point/*" ] - actions = ["elasticfilesystem:TagResource"] + actions = ["elasticfilesystem:TagResource"] condition { test = "StringLike"