
How to minimize IAM role permissions for kops on AWS k8s

This is the list of IAM role permissions that kops needs on AWS.

AmazonEC2FullAccess
AmazonRoute53FullAccess
AmazonS3FullAccess
IAMFullAccess
AmazonVPCFullAccess

It gives too much permission; these permissions allow access to other resources (almost admin).

Especially IAMFullAccess can cause huge problems.

I want to give the minimum permissions required for kops operation.

I wonder if there are any good solutions.

Related to: https://github.com/kubernetes/kops/issues/1873

We had more concern about VPC full access. So we created the subnets and passed them in, and changed the access to vpcReadonly, which worked for us, but unfortunately you can't pass an IAM role, so you have to give full access so it can create the IAM roles and attach them to the nodes.

Also, kops won't touch resources not created by it. Thanks to terraform. Also, they tag the resources (wherever possible) with owner as kubernetes name something, so yes, you can trust them.
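An added example, not from the question or the answer: a small audit that parses an IAM policy document and flags the privilege-granting IAM actions allowed on Resource "*", which is the property that makes IAMFullAccess nearly admin, and shows the same actions scoped to an assumed role-name prefix instead. The policy documents, the account id and the `kops-` naming prefix are constructed for the example.

```python
import fnmatch
import json

# IAM actions that, when allowed on Resource "*", let a principal create or
# escalate privileges for any role in the account (the core of "almost admin").
SENSITIVE_IAM_ACTIONS = (
    "iam:AddRoleToInstanceProfile", "iam:AttachRolePolicy", "iam:CreateInstanceProfile",
    "iam:CreateRole", "iam:PassRole", "iam:PutRolePolicy",
)

def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]

def action_matches(pattern, action):
    """IAM action patterns are case-insensitive globs such as 'iam:*' or 'iam:Create*'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def unscoped_iam_grants(policy_json):
    """Return (action, pattern) pairs where a sensitive IAM action is allowed on Resource '*'."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue  # resource-scoped statement: not flagged by this check
        for pattern in _as_list(stmt["Action"]):
            findings.extend((a, pattern) for a in SENSITIVE_IAM_ACTIONS if action_matches(pattern, a))
    return findings

# Constructed: the shape of the IAMFullAccess managed policy (everything on everything).
FULL_ACCESS = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]})

# Constructed: the same write actions, but limited to roles/instance profiles under an
# assumed "kops-" name prefix in an example account (123456789012). Adapt the prefix
# to the names your cluster actually creates; read-only listing may stay unscoped.
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": list(SENSITIVE_IAM_ACTIONS),
     "Resource": ["arn:aws:iam::123456789012:role/kops-*",
                  "arn:aws:iam::123456789012:instance-profile/kops-*"]},
    {"Effect": "Allow", "Action": ["iam:GetRole", "iam:ListRoles"], "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("IAMFullAccess", FULL_ACCESS), ("scoped", SCOPED)):
        print(name, "->", unscoped_iam_grants(doc) or "no unscoped sensitive IAM grants")
```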

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question, please contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM