From f3cc5f503a6c0546a8dbe7d73770f718f7044085 Mon Sep 17 00:00:00 2001
From: Justin Santa Barbara
Date: Tue, 21 Jun 2016 15:42:54 -0400
Subject: [PATCH] AWS kube-up: Authorize route53 in the IAM policy Federation needs this now (on the nodes), and I suspect ingress controllers will shortly want this also. Given we're going to authorize it on the nodes, we should authorize it on the master also (the master is much more trusted). Fix #27467
---
 cluster/aws/templates/iam/kubernetes-master-policy.json | 5 +++++
 cluster/aws/templates/iam/kubernetes-minion-policy.json | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/cluster/aws/templates/iam/kubernetes-master-policy.json b/cluster/aws/templates/iam/kubernetes-master-policy.json
index f551b132adc..e5cbaea8039 100644
--- a/cluster/aws/templates/iam/kubernetes-master-policy.json
+++ b/cluster/aws/templates/iam/kubernetes-master-policy.json
@@ -11,6 +11,11 @@
 "Action": ["elasticloadbalancing:*"],
 "Resource": ["*"]
 },
+ {
+ "Effect": "Allow",
+ "Action": ["route53:*"],
+ "Resource": ["*"]
+ },
 {
 "Effect": "Allow",
 "Action": "s3:*",
diff --git a/cluster/aws/templates/iam/kubernetes-minion-policy.json b/cluster/aws/templates/iam/kubernetes-minion-policy.json
index 0a7ba67849e..af81e98c824 100644
--- a/cluster/aws/templates/iam/kubernetes-minion-policy.json
+++ b/cluster/aws/templates/iam/kubernetes-minion-policy.json
@@ -23,6 +23,11 @@
 "Action": "ec2:DetachVolume",
 "Resource": "*"
 },
+ {
+ "Effect": "Allow",
+ "Action": ["route53:*"],
+ "Resource": ["*"]
+ },
 {
 "Effect": "Allow",
 "Action": [
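Review bot: The added statement `"Action": ["route53:*"]` with `"Resource": ["*"]` allows every Route 53 operation on every hosted zone in the account, including deleting zones and rewriting records the cluster does not own. The same statement is added in the kubernetes-minion-policy.json hunk, where the exposure is larger. Node instance-profile credentials are generally reachable by workloads on the node through the instance metadata service unless that path is blocked, so the grant likely extends to any pod scheduled there. I would replace the wildcard with only the actions the federation DNS provider calls and, if the template can be parameterised, scope record changes to the cluster's zone. The actions below are a starting set to confirm against the provider code, and `<HOSTED_ZONE_ID>` is a placeholder.

```json
{
  "Effect": "Allow",
  "Action": ["route53:ListHostedZones"],
  "Resource": ["*"]
},
{
  "Effect": "Allow",
  "Action": [
    "route53:ChangeResourceRecordSets",
    "route53:ListResourceRecordSets"
  ],
  "Resource": ["arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>"]
},
```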