fix(karpenter-policy): Added kms permissions for karpenter

uc-cdis · Feb 12, 2024 · 6be519c · 6be519c
1 parent 0f98195
commit 6be519c
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/gen3/bin/kube-setup-karpenter.sh b/gen3/bin/kube-setup-karpenter.sh
@@ -79,6 +79,37 @@ gen3_deploy_karpenter() {
                   "Effect": "Allow",
                   "Resource": "*",
                   "Sid": "ConditionalEC2Termination"
+              },
+              {
+                  "Action": [
+                      "kms:*"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": "*",
+                  "Sid": "Karpenter"
+              },
+              {
+                  "Sid": "VisualEditor0",
+                  "Effect": "Allow",
+                  "Action": [
+                      "kms:GetPublicKey",
+                      "kms:ListKeyPolicies",
+                      "kms:ListRetirableGrants",
+                      "kms:PutKeyPolicy",
+                      "kms:GetKeyPolicy",
+                      "kms:ListResourceTags",
+                      "kms:RetireGrant",
+                      "kms:ListGrants",
+                      "kms:GetParametersForImport",
+                      "kms:DescribeCustomKeyStores",
+                      "kms:ListKeys",
+                      "kms:GetKeyRotationStatus",
+                      "kms:ListAliases",
+                      "kms:RevokeGrant",
+                      "kms:DescribeKey",
+                      "kms:CreateGrant"
+                  ],
+                  "Resource": "*"
               }
           ],
           "Version": "2012-10-17"