From f3cc5f503a6c0546a8dbe7d73770f718f7044085 Mon Sep 17 00:00:00 2001
From: Justin Santa Barbara <justin@fathomdb.com>
Date: Tue, 21 Jun 2016 15:42:54 -0400
Subject: [PATCH] AWS kube-up: Authorize route53 in the IAM policy

Federation needs this now (on the nodes), and I suspect ingress
controllers will shortly want this also.  Given we're going to authorize
it on the nodes, we should authorize it on the master also (the master
is much more trusted).

Fix #27467
---
 cluster/aws/templates/iam/kubernetes-master-policy.json | 5 +++++
 cluster/aws/templates/iam/kubernetes-minion-policy.json | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/cluster/aws/templates/iam/kubernetes-master-policy.json b/cluster/aws/templates/iam/kubernetes-master-policy.json
index f551b132adc..e5cbaea8039 100644
--- a/cluster/aws/templates/iam/kubernetes-master-policy.json
+++ b/cluster/aws/templates/iam/kubernetes-master-policy.json
@@ -11,6 +11,11 @@
       "Action": ["elasticloadbalancing:*"],
       "Resource": ["*"]
     },
+    {
+      "Effect": "Allow",
+      "Action": ["route53:*"],
+      "Resource": ["*"]
+    },
     {
       "Effect": "Allow",
       "Action": "s3:*",
diff --git a/cluster/aws/templates/iam/kubernetes-minion-policy.json b/cluster/aws/templates/iam/kubernetes-minion-policy.json
index 0a7ba67849e..af81e98c824 100644
--- a/cluster/aws/templates/iam/kubernetes-minion-policy.json
+++ b/cluster/aws/templates/iam/kubernetes-minion-policy.json
@@ -23,6 +23,11 @@
       "Action": "ec2:DetachVolume",
       "Resource": "*"
     },
+    {
+      "Effect": "Allow",
+      "Action": ["route53:*"],
+      "Resource": ["*"]
+    },
     {
       "Effect": "Allow",
       "Action": [