From 321298a9c81f0aef8f00ae1e66e8baaa184381ec Mon Sep 17 00:00:00 2001 From: GuyTempleton Date: Wed, 16 Feb 2022 22:10:18 +0000 Subject: [PATCH] CA - AWS - Update OIDC example docs --- .../cloudprovider/aws/CA_with_AWS_IAM_OIDC.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/cluster-autoscaler/cloudprovider/aws/CA_with_AWS_IAM_OIDC.md b/cluster-autoscaler/cloudprovider/aws/CA_with_AWS_IAM_OIDC.md index 217bd3d505eb..cf251787c234 100644 --- a/cluster-autoscaler/cloudprovider/aws/CA_with_AWS_IAM_OIDC.md +++ b/cluster-autoscaler/cloudprovider/aws/CA_with_AWS_IAM_OIDC.md @@ -53,9 +53,11 @@ D) Set up [Cluster Autoscaler Auto-Discovery] using the [tutorial] . Note: The keys for the tags that you entered don't have values. Cluster Autoscaler ignores any value set for the keys. -- Create an IAM Policy for cluster autoscaler and to enable AutoDiscovery. +__NOTE:__ Please see [the README](README.md#IAM-Policy) for more information on best practices with this IAM role. -```sh +- Create an IAM Policy for cluster autoscaler and to enable AutoDiscovery as well as discovery of instance types. + +```json { "Version": "2012-10-17", "Statement": [ @@ -66,17 +68,23 @@ Note: The keys for the tags that you entered don't have values. Cluster Autoscal "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:DescribeInstanceTypes", + "ec2:DescribeLaunchTemplateVersions" + ], + "Resource": ["*"] + }, + { + "Effect": "Allow", + "Action": [ "autoscaling:SetDesiredCapacity", "autoscaling:TerminateInstanceInAutoScalingGroup" ], - "Resource": "*" + "Resource": ["*"] } ] } ``` -NOTE: ``` autoscaling:DescribeTags ``` is very important if you are making use of the AutoDiscovery feature of the Cluster AutoScaler. - - Attach the above created policy to the *instance role* that's attached to your Amazon EKS worker nodes. - Download a deployment example file provided by the Cluster Autoscaler project on GitHub, run the following command: