Update docs to include EKS cluster creation permissions

[SaxyPandaBear]

Error: creating EKS Cluster (cwagent-eks-integ-742c94a460e0d907): AccessDeniedException: User: [ARN] is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-west-2:***:cluster/cwagent-eks-integ-742c94a460e0d907

The public docs say to attach the AmazonEKSClusterPolicy, but I didn't see that you must also create an EKS cluster IAM role: https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html#create-service-role

I'm not sure if we really care to create a whole new role, and it sucks that there isn't a managed policy for this. We should include the necessary permissions in the existing set up documentation

[SaxyPandaBear]

Another thing that is missing is trust relationship for the EKS service principal. This needs to be updated in

amazon-cloudwatch-agent-test/terraform/setup/iam.tf

Line 7 in c0de3c1

assume_role_policy = <<EOF

InvalidParameterException: Following required service principals [eks.amazonaws.com] were not found in the trust relationships of clusterRole arn:aws:iam::***:role/cwa-e2e-iam-role

[SaxyPandaBear]

The docs don't properly reflect the necessary changes. Frustrating. I've been patching this by adding an inline eks:* permission on the Terraform IAM role.