fix(eks): allow describe provisioning lamba to ec2:DescribeVpcs #10917
Conversation
|
|
|
Title does not follow the guidelines of Conventional Commits. Please adjust title before merge. |
The EKS provision lambda requires ec2:DescribeVpcs so that it can configure the EKS cluster in an existing VPC Signed-off-by: Dario Nascimento <dfrnascimento@gmail.com>
dnascimento
changed the title
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| @@ -141,6 +141,7 @@ export class ClusterResource extends CoreConstruct { | |||
| actions: [ | |||
| 'ec2:DescribeSubnets', | |||
| 'ec2:DescribeRouteTables', | |||
| 'ec2:DescribeVpcs' | |||
There was a problem hiding this comment.
The thing is that this already exists here:
aws-cdk/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts
Lines 179 to 186 in fe6ec39
However, this only grants it for the specific VPC its going to use. Why do we need permissions to describe ALL VPC's?
Also, did you add this because you hit the error described here? Im not sure this explains the sporadic behavior.
iliapolo
added
the
response-requested
|
This PR has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
github-actions
bot
added
the
closing-soon
|
Hello Guys, Is there somebody from CDK team who can take a look at this? Thanks in advanced. |
github-actions
bot
removed
closing-soon
|
How are we doing with this PR? |
|
I don't believe this error is caused by the fix proposed in this PR. See #9027 (comment). @dnascimento I'm closing this at the moment, please let me know if you still feel differently. |
The EKS provision lambda requires ec2:DescribeVpcs so that it can configure the EKS cluster in an existing VPC
Signed-off-by: Dario Nascimento dfrnascimento@gmail.com
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license