add permissions for api key and usage plan CRUD

terraform/modules/eks/api-gateway-access-policy.json

@@ -0,0 +1,24 @@
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Sid": "",
+			"Effect": "Allow",
+			"Action": "apigateway:*",
+			"Resource": [
+				"arn:aws:apigateway:*::/apikeys/*",
+				"arn:aws:apigateway:*::/apikeys",
+				"arn:aws:apigateway:*::/restapis/*/authorizers",
+				"arn:aws:apigateway:*::/restapis/*/authorizers/*",
+				"arn:aws:apigateway:*::/usageplans/*/keys/*",
+				"arn:aws:apigateway:*::/usageplans/*/keys"
+			]
+		},
+		{
+			"Sid": "",
+			"Effect": "Allow",
+			"Action": "apigateway:*",
+			"Resource": "arn:aws:apigateway:*::/usageplans/*"
+		}
+	]
+}

terraform/modules/eks/main.tf

@@ -175,6 +175,16 @@ resource "aws_iam_policy" "eks-admin-DatabaseBackupToS3Policy" {
   policy = data.aws_iam_policy_document.eks-admin-DatabaseBackupToS3-document.json
 }
 
+data "aws_iam_policy_document" "eks-admin-APIGatewayAccessPolicy-document" {
+  source_policy_documents = [file("${path.module}/api-gateway-access-policy.json")]
+}
+
+resource "aws_iam_policy" "eks-admin-APIGatewayAccessPolicy" {
+  name   = "APIGatewayAccessPolicy"
+  path   = "/"
+  policy = data.aws_iam_policy_document.eks-admin-APIGatewayAccessPolicy-document.json
+}
+
 resource "aws_iam_role" "ebs_csi_iam_role" {
   name = "AmazonEKS_EBS_CSI_DriverRole"
 
@@ -244,3 +254,8 @@ resource "aws_iam_role_policy_attachment" "eks-node-group-admin-AmazonEKS_EBS_CS
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
   role       = aws_iam_role.eks-node-group-iam-role.name
 }
+
+resource "aws_iam_role_policy_attachment" "eks-node-group-admin-APIGatewayAccessPolicy" {
+  policy_arn = aws_iam_policy.eks-admin-APIGatewayAccessPolicy.arn
+  role       = aws_iam_role.eks-node-group-iam-role.name
+}