AWS kube-up: Authorize route53 in the IAM policy

Federation needs this now (on the nodes), and I suspect ingress controllers will shortly want this also. Given we're going to authorize it on the nodes, we should authorize it on the master also (the master is much more trusted). Fix #27467
2025-07-22 11:21:47 +00:00 · 2016-06-21 15:42:54 -04:00 · 2016-06-21 15:42:54 -04:00 · f3cc5f503a
commit f3cc5f503a
parent ee87a39f04
2 changed files with 10 additions and 0 deletions
--- a/cluster/aws/templates/iam/kubernetes-master-policy.json
+++ b/cluster/aws/templates/iam/kubernetes-master-policy.json
@ -11,6 +11,11 @@
      "Action": ["elasticloadbalancing:*"],
      "Resource": ["*"]
    },
+    {
+      "Effect": "Allow",
+      "Action": ["route53:*"],
+      "Resource": ["*"]
+    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
--- a/cluster/aws/templates/iam/kubernetes-minion-policy.json
+++ b/cluster/aws/templates/iam/kubernetes-minion-policy.json
@ -23,6 +23,11 @@
      "Action": "ec2:DetachVolume",
      "Resource": "*"
    },
+    {
+      "Effect": "Allow",
+      "Action": ["route53:*"],
+      "Resource": ["*"]
+    },
    {
      "Effect": "Allow",
      "Action": [