From a29c1b2b3ff6a785903a3fbc6163189fbcda4a64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mudrini=C4=87?= <mudrinic.mare@gmail.com>
Date: Thu, 6 Jul 2023 11:18:59 +0200
Subject: [PATCH] Drop iam:CreateServiceLinkedRole from EKS permission boundary
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
---
 .../aws/terraform/modules/eks-prow-iam/boundary_eks_resources.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/infra/aws/terraform/modules/eks-prow-iam/boundary_eks_resources.tf b/infra/aws/terraform/modules/eks-prow-iam/boundary_eks_resources.tf
index 42064780175..2415808b2c0 100644
--- a/infra/aws/terraform/modules/eks-prow-iam/boundary_eks_resources.tf
+++ b/infra/aws/terraform/modules/eks-prow-iam/boundary_eks_resources.tf
@@ -79,7 +79,6 @@ data "aws_iam_policy_document" "eks_resources_permission_boundary_doc" {
 
     actions = [
       "iam:AttachRolePolicy",
-      "iam:CreateServiceLinkedRole",
       "iam:DeleteRolePolicy",
       "iam:PutRolePolicy",
       "iam:PutRolePermissionsBoundary",