Add System Manager permissions to the worker nodes (#1353)

* Add System Manager permissions to the worker nodes * Commit changes made by code formatters Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
ministryofjustice · Sep 13, 2021 · c3b021c · c3b021c
1 parent 0b5973d
commit c3b021c
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/terraform/aws-accounts/cloud-platform-aws/vpc/eks/cluster.tf b/terraform/aws-accounts/cloud-platform-aws/vpc/eks/cluster.tf
@@ -122,6 +122,9 @@ module "eks" {
     monitoring_ng = local.monitoring_ng
   }
 
+  # add System Manager permissions to the worker nodes. This will enable access to worker nodes using session manager
+  workers_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
+
   # Out of the box you can't specify groups to map, just users. Some people did some workarounds
   # we can explore later: https://ygrene.tech/mapping-iam-groups-to-eks-user-access-66fd745a6b77
   map_users = [