{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"tag:GetResources",
"elasticloadbalancing:AddTags"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"eks:*"
],
"Resource": [
"cluster arn value",
"cluster arn value/update-config"
],
"Effect": "Allow"
},
{
"Action": [
"cloudformation:*",
"lambda:InvokeFunction",
"kms:DescribeKey",
"dlm:*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": "kms:decrypt",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket name/*",
"Effect": "Allow"
},
{
"Action": [
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"events:PutRule",
"events:DeleteRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Inline Policy for Passrole
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "iam:PassRole",
"Resource": "arn value of Control Plane Role",
"Effect": "Allow"
}
]
}