agent-claw: automated task changes
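--- a/cdk/node_modules/aws-cdk-lib/aws-eks/.jsiirc.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+"targets": {
+"java": {
+"package": "software.amazon.awscdk.services.eks"
+},
+"dotnet": {
+"namespace": "Amazon.CDK.AWS.EKS"
+},
+"python": {
+"module": "aws_cdk.aws_eks"
+}
+}
+}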
2204
cdk/node_modules/aws-cdk-lib/aws-eks/README.md
generated
vendored
Normal file
2204
cdk/node_modules/aws-cdk-lib/aws-eks/README.md
generated
vendored
Normal file
File diff suppressed because it is too large
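--- a/cdk/node_modules/aws-cdk-lib/aws-eks/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/index.d.ts
@@ -0,0 +1 @@
+export * from './lib';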
1
cdk/node_modules/aws-cdk-lib/aws-eks/index.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/index.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
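--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/access-entry.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/access-entry.d.ts
@@ -0,0 +1,339 @@
+import type { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import type { AccessEntryReference, IAccessEntryRef } from './eks.generated';
+import type { IResource, RemovalPolicy } from '../../core';
+import { Resource } from '../../core';
+/**
+* Represents an access entry in an Amazon EKS cluster.
+*
+* An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
+*
+* @interface IAccessEntry
+* @extends {IResource}
+* @property {string} accessEntryName - The name of the access entry.
+* @property {string} accessEntryArn - The Amazon Resource Name (ARN) of the access entry.
+*/
+export interface IAccessEntry extends IResource, IAccessEntryRef {
+/**
+* The name of the access entry.
+* @attribute
+*/
+readonly accessEntryName: string;
+/**
+* The Amazon Resource Name (ARN) of the access entry.
+* @attribute
+*/
+readonly accessEntryArn: string;
+}
+/**
+* Represents the attributes of an access entry.
+*/
+export interface AccessEntryAttributes {
+/**
+* The name of the access entry.
+*/
+readonly accessEntryName: string;
+/**
+* The Amazon Resource Name (ARN) of the access entry.
+*/
+readonly accessEntryArn: string;
+}
+/**
+* Represents the scope type of an access policy.
+*
+* The scope type determines the level of access granted by the policy.
+*
+* @export
+* @enum {string}
+*/
+export declare enum AccessScopeType {
+/**
+* The policy applies to a specific namespace within the cluster.
+*/
+NAMESPACE = "namespace",
+/**
+* The policy applies to the entire cluster.
+*/
+CLUSTER = "cluster"
+}
+/**
+* Represents the scope of an access policy.
+*
+* The scope defines the namespaces or cluster-level access granted by the policy.
+*
+* @interface AccessScope
+* @property {string[]} [namespaces] - The namespaces to which the policy applies, if the scope type is 'namespace'.
+* @property {AccessScopeType} type - The scope type of the policy, either 'namespace' or 'cluster'.
+*/
+export interface AccessScope {
+/**
+* A Kubernetes namespace that an access policy is scoped to. A value is required if you specified
+* namespace for Type.
+*
+* @default - no specific namespaces for this scope.
+*/
+readonly namespaces?: string[];
+/**
+* The scope type of the policy, either 'namespace' or 'cluster'.
+*/
+readonly type: AccessScopeType;
+}
+/**
+* Represents an Amazon EKS Access Policy ARN.
+*
+* Amazon EKS Access Policies are used to control access to Amazon EKS clusters.
+*
+* @see https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
+*/
+export declare class AccessPolicyArn {
+readonly policyName: string;
+/**
+* The Amazon EKS Admin Policy. This access policy includes permissions that grant an IAM principal
+* most permissions to resources. When associated to an access entry, its access scope is typically
+* one or more Kubernetes namespaces.
+*/
+static readonly AMAZON_EKS_ADMIN_POLICY: AccessPolicyArn;
+/**
+* The Amazon EKS Cluster Admin Policy. This access policy includes permissions that grant an IAM
+* principal administrator access to a cluster. When associated to an access entry, its access scope
+* is typically the cluster, rather than a Kubernetes namespace.
+*/
+static readonly AMAZON_EKS_CLUSTER_ADMIN_POLICY: AccessPolicyArn;
+/**
+* The Amazon EKS Admin View Policy. This access policy includes permissions that grant an IAM principal
+* access to list/view all resources in a cluster.
+*/
+static readonly AMAZON_EKS_ADMIN_VIEW_POLICY: AccessPolicyArn;
+/**
+* The Amazon EKS Edit Policy. This access policy includes permissions that allow an IAM principal
+* to edit most Kubernetes resources.
+*/
+static readonly AMAZON_EKS_EDIT_POLICY: AccessPolicyArn;
+/**
+* The Amazon EKS View Policy. This access policy includes permissions that grant an IAM principal
+* access to list/view all resources in a cluster.
+*/
+static readonly AMAZON_EKS_VIEW_POLICY: AccessPolicyArn;
+/**
+* Creates a new instance of the AccessPolicy class with the specified policy name.
+* @param policyName The name of the access policy.
+* @returns A new instance of the AccessPolicy class.
+*/
+static of(policyName: string): AccessPolicyArn;
+/**
+* The Amazon Resource Name (ARN) of the access policy.
+*/
+readonly policyArn: string;
+/**
+* Constructs a new instance of the `AccessEntry` class.
+*
+* @param policyName - The name of the Amazon EKS access policy. This is used to construct the policy ARN.
+*/
+constructor(policyName: string);
+}
+/**
+* Represents an access policy that defines the permissions and scope for a user or role to access an Amazon EKS cluster.
+*
+* @interface IAccessPolicy
+*/
+export interface IAccessPolicy {
+/**
+* The scope of the access policy, which determines the level of access granted.
+*/
+readonly accessScope: AccessScope;
+/**
+* The access policy itself, which defines the specific permissions.
+*/
+readonly policy: string;
+}
+/**
+* Properties for configuring an Amazon EKS Access Policy.
+*/
+export interface AccessPolicyProps {
+/**
+* The scope of the access policy, which determines the level of access granted.
+*/
+readonly accessScope: AccessScope;
+/**
+* The access policy itself, which defines the specific permissions.
+*/
+readonly policy: AccessPolicyArn;
+}
+/**
+* Represents the options required to create an Amazon EKS Access Policy using the `fromAccessPolicyName()` method.
+*/
+export interface AccessPolicyNameOptions {
+/**
+* The scope of the access policy. This determines the level of access granted by the policy.
+*/
+readonly accessScopeType: AccessScopeType;
+/**
+* An optional array of Kubernetes namespaces to which the access policy applies.
+* @default - no specific namespaces for this scope
+*/
+readonly namespaces?: string[];
+}
+/**
+* Represents an Amazon EKS Access Policy that implements the IAccessPolicy interface.
+*
+* @implements {IAccessPolicy}
+*/
+export declare class AccessPolicy implements IAccessPolicy {
+/**
+* Import AccessPolicy by name.
+*/
+static fromAccessPolicyName(policyName: string, options: AccessPolicyNameOptions): IAccessPolicy;
+/**
+* The scope of the access policy, which determines the level of access granted.
+*/
+readonly accessScope: AccessScope;
+/**
+* The access policy itself, which defines the specific permissions.
+*/
+readonly policy: string;
+/**
+* Constructs a new instance of the AccessPolicy class.
+*
+* @param {AccessPolicyProps} props - The properties for configuring the access policy.
+*/
+constructor(props: AccessPolicyProps);
+}
+/**
+* Represents the different types of access entries that can be used in an Amazon EKS cluster.
+*
+* @enum {string}
+*/
+export declare enum AccessEntryType {
+/**
+* Represents a standard access entry.
+* Use this type for standard IAM principals that need cluster access with policies.
+*/
+STANDARD = "STANDARD",
+/**
+* Represents a Fargate Linux access entry.
+* Use this type for AWS Fargate profiles running Linux containers.
+*/
+FARGATE_LINUX = "FARGATE_LINUX",
+/**
+* Represents an EC2 Linux access entry.
+* Use this type for self-managed EC2 instances running Linux that join the cluster as worker nodes.
+*/
+EC2_LINUX = "EC2_LINUX",
+/**
+* Represents an EC2 Windows access entry.
+* Use this type for self-managed EC2 instances running Windows that join the cluster as worker nodes.
+*/
+EC2_WINDOWS = "EC2_WINDOWS",
+/**
+* Represents an EC2 access entry for EKS Auto Mode.
+* Use this type for node roles in EKS Auto Mode clusters where AWS automatically manages
+* the compute infrastructure. This type cannot have access policies attached.
+*
+* @see https://docs.aws.amazon.com/eks/latest/userguide/eks-auto-mode.html
+*/
+EC2 = "EC2",
+/**
+* Represents a Hybrid Linux access entry for EKS Hybrid Nodes.
+* Use this type for on-premises or edge infrastructure running Linux that connects
+* to your EKS cluster. This type cannot have access policies attached.
+*
+* @see https://docs.aws.amazon.com/eks/latest/userguide/hybrid-nodes.html
+*/
+HYBRID_LINUX = "HYBRID_LINUX",
+/**
+* Represents a HyperPod Linux access entry for Amazon SageMaker HyperPod.
+* Use this type for SageMaker HyperPod clusters that need access to your EKS cluster
+* for distributed machine learning workloads. This type cannot have access policies attached.
+*
+* @see https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod.html
+*/
+HYPERPOD_LINUX = "HYPERPOD_LINUX"
+}
+/**
+* Represents the properties required to create an Amazon EKS access entry.
+*/
+export interface AccessEntryProps {
+/**
+* The name of the AccessEntry.
+*
+* @default - No access entry name is provided
+*/
+readonly accessEntryName?: string;
+/**
+* The type of the AccessEntry.
+*
+* @default STANDARD
+*/
+readonly accessEntryType?: AccessEntryType;
+/**
+* The Amazon EKS cluster to which the access entry applies.
+*/
+readonly cluster: ICluster;
+/**
+* The access policies that define the permissions and scope for the access entry.
+*/
+readonly accessPolicies: IAccessPolicy[];
+/**
+* The Amazon Resource Name (ARN) of the principal (user or role) to associate the access entry with.
+*/
+readonly principal: string;
+/**
+* The removal policy applied to the access entry.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Represents an access entry in an Amazon EKS cluster.
+*
+* An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
+*
+* @implements {IAccessEntry}
+*/
+export declare class AccessEntry extends Resource implements IAccessEntry {
+/** Uniquely identifies this class. */
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* Imports an `AccessEntry` from its attributes.
+*
+* @param scope - The parent construct.
+* @param id - The ID of the imported construct.
+* @param attrs - The attributes of the access entry to import.
+* @returns The imported access entry.
+*/
+static fromAccessEntryAttributes(scope: Construct, id: string, attrs: AccessEntryAttributes): IAccessEntry;
+/**
+* The name of the access entry.
+*/
+private cluster;
+private principal;
+private _accessPolicies;
+private readonly accessEntryType?;
+private readonly resource;
+get accessEntryName(): string;
+get accessEntryArn(): string;
+constructor(scope: Construct, id: string, props: AccessEntryProps);
+/**
+* Add the access policies for this entry.
+* @param newAccessPolicies - The new access policies to add.
+*/
+addAccessPolicies(newAccessPolicies: IAccessPolicy[]): void;
+/**
+* Validates that restricted access entry types cannot have access policies attached.
+*
+* @param accessPolicies - The access policies to validate
+* @param accessEntryType - The access entry type to check
+* @throws {ValidationError} If a restricted access entry type has access policies
+* @private
+*/
+private validateAccessPoliciesForRestrictedTypes;
+get accessEntryRef(): AccessEntryReference;
+}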
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/access-entry.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/access-entry.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
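--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addon.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addon.d.ts
@@ -0,0 +1,121 @@
+import type { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import type { AddonReference, IAddonRef } from './eks.generated';
+import type { IResource, RemovalPolicy } from '../../core';
+import { Resource } from '../../core';
+/**
+* Represents an Amazon EKS Add-On.
+*/
+export interface IAddon extends IResource, IAddonRef {
+/**
+* Name of the Add-On.
+* @attribute
+*/
+readonly addonName: string;
+/**
+* ARN of the Add-On.
+* @attribute
+*/
+readonly addonArn: string;
+}
+/**
+* Properties for creating an Amazon EKS Add-On.
+*/
+export interface AddonProps {
+/**
+* Name of the Add-On.
+*/
+readonly addonName: string;
+/**
+* Version of the Add-On. You can check all available versions with describe-addon-versions.
+* For example, this lists all available versions for the `eks-pod-identity-agent` addon:
+* $ aws eks describe-addon-versions --addon-name eks-pod-identity-agent \
+* --query 'addons[*].addonVersions[*].addonVersion'
+*
+* @default the latest version.
+*/
+readonly addonVersion?: string;
+/**
+* The EKS cluster the Add-On is associated with.
+*/
+readonly cluster: ICluster;
+/**
+* Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on.
+* If an IAM account is associated with the add-on, it isn't removed.
+*
+* @default true
+*/
+readonly preserveOnDelete?: boolean;
+/**
+* The configuration values for the Add-on.
+*
+* @default - Use default configuration.
+*/
+readonly configurationValues?: Record<string, any>;
+/**
+* The removal policy applied to the EKS add-on.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Represents the attributes of an addon for an Amazon EKS cluster.
+*/
+export interface AddonAttributes {
+/**
+* The name of the addon.
+*/
+readonly addonName: string;
+/**
+* The name of the Amazon EKS cluster the addon is associated with.
+*/
+readonly clusterName: string;
+}
+/**
+* Represents an Amazon EKS Add-On.
+*/
+export declare class Addon extends Resource implements IAddon {
+/** Uniquely identifies this class. */
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* Creates an `IAddon` instance from the given addon attributes.
+*
+* @param scope - The parent construct.
+* @param id - The construct ID.
+* @param attrs - The attributes of the addon, including the addon name and the cluster name.
+* @returns An `IAddon` instance.
+*/
+static fromAddonAttributes(scope: Construct, id: string, attrs: AddonAttributes): IAddon;
+/**
+* Creates an `IAddon` from an existing addon ARN.
+*
+* @param scope - The parent construct.
+* @param id - The ID of the construct.
+* @param addonArn - The ARN of the addon.
+* @returns An `IAddon` implementation.
+*/
+static fromAddonArn(scope: Construct, id: string, addonArn: string): IAddon;
+/**
+* Name of the addon.
+*/
+private readonly clusterName;
+private readonly resource;
+get addonName(): string;
+get addonArn(): string;
+/**
+* Creates a new Amazon EKS Add-On.
+* @param scope The parent construct.
+* @param id The construct ID.
+* @param props The properties for the Add-On.
+*/
+constructor(scope: Construct, id: string, props: AddonProps);
+get addonRef(): AddonReference;
+}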
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/addon.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/addon.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
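--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.0.0.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.0.0.json
@@ -0,0 +1,184 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/*",
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}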
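--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.0.1.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.0.1.json
@@ -0,0 +1,191 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}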
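--- /dev/null
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.1.0.json
@@ -0,0 +1,191 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}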
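--- /dev/null
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.1.1.json
@@ -0,0 +1,191 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}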
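--- /dev/null
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.1.2.json
@@ -0,0 +1,193 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}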
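--- /dev/null
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.1.3.json
@@ -0,0 +1,193 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}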
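--- /dev/null
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.0.json
@@ -0,0 +1,207 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}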
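--- /dev/null
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.1.json
@@ -0,0 +1,207 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}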
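--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.2.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.2.json
@@ -0,0 +1,207 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}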
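--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.3.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.3.json
@@ -0,0 +1,207 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}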
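--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.4.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.2.4.json
@@ -0,0 +1,207 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole",
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}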
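--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.3.0.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.3.0.json
@@ -0,0 +1,217 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "iam:CreateServiceLinkedRole",
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}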
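--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.3.1.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.3.1.json
@@ -0,0 +1,217 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "iam:CreateServiceLinkedRole",
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}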
219
cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.1.json
generated
vendored
Normal file
@@ -0,0 +1,219 @@
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"iam:CreateServiceLinkedRole"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:DescribeAccountAttributes",
|
||||
"ec2:DescribeAddresses",
|
||||
"ec2:DescribeAvailabilityZones",
|
||||
"ec2:DescribeInternetGateways",
|
||||
"ec2:DescribeVpcs",
|
||||
"ec2:DescribeVpcPeeringConnections",
|
||||
"ec2:DescribeSubnets",
|
||||
"ec2:DescribeSecurityGroups",
|
||||
"ec2:DescribeInstances",
|
||||
"ec2:DescribeNetworkInterfaces",
|
||||
"ec2:DescribeTags",
|
||||
"ec2:GetCoipPoolUsage",
|
||||
"ec2:DescribeCoipPools",
|
||||
"elasticloadbalancing:DescribeLoadBalancers",
|
||||
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
||||
"elasticloadbalancing:DescribeListeners",
|
||||
"elasticloadbalancing:DescribeListenerCertificates",
|
||||
"elasticloadbalancing:DescribeSSLPolicies",
|
||||
"elasticloadbalancing:DescribeRules",
|
||||
"elasticloadbalancing:DescribeTargetGroups",
|
||||
"elasticloadbalancing:DescribeTargetGroupAttributes",
|
||||
"elasticloadbalancing:DescribeTargetHealth",
|
||||
"elasticloadbalancing:DescribeTags"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"cognito-idp:DescribeUserPoolClient",
|
||||
"acm:ListCertificates",
|
||||
"acm:DescribeCertificate",
|
||||
"iam:ListServerCertificates",
|
||||
"iam:GetServerCertificate",
|
||||
"waf-regional:GetWebACL",
|
||||
"waf-regional:GetWebACLForResource",
|
||||
"waf-regional:AssociateWebACL",
|
||||
"waf-regional:DisassociateWebACL",
|
||||
"wafv2:GetWebACL",
|
||||
"wafv2:GetWebACLForResource",
|
||||
"wafv2:AssociateWebACL",
|
||||
"wafv2:DisassociateWebACL",
|
||||
"shield:GetSubscriptionState",
|
||||
"shield:DescribeProtection",
|
||||
"shield:CreateProtection",
|
||||
"shield:DeleteProtection"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:RevokeSecurityGroupIngress"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:CreateSecurityGroup"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:CreateTags"
|
||||
],
|
||||
"Resource": "arn:aws:ec2:*:*:security-group/*",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"ec2:CreateAction": "CreateSecurityGroup"
|
||||
},
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Resource": "arn:aws:ec2:*:*:security-group/*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:RevokeSecurityGroupIngress",
|
||||
"ec2:DeleteSecurityGroup"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:CreateLoadBalancer",
|
||||
"elasticloadbalancing:CreateTargetGroup"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:CreateListener",
|
||||
"elasticloadbalancing:DeleteListener",
|
||||
"elasticloadbalancing:CreateRule",
|
||||
"elasticloadbalancing:DeleteRule"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:RemoveTags"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:RemoveTags"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:ModifyLoadBalancerAttributes",
|
||||
"elasticloadbalancing:SetIpAddressType",
|
||||
"elasticloadbalancing:SetSecurityGroups",
|
||||
"elasticloadbalancing:SetSubnets",
|
||||
"elasticloadbalancing:DeleteLoadBalancer",
|
||||
"elasticloadbalancing:ModifyTargetGroup",
|
||||
"elasticloadbalancing:ModifyTargetGroupAttributes",
|
||||
"elasticloadbalancing:DeleteTargetGroup"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:RegisterTargets",
|
||||
"elasticloadbalancing:DeregisterTargets"
|
||||
],
|
||||
"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:SetWebAcl",
|
||||
"elasticloadbalancing:ModifyListener",
|
||||
"elasticloadbalancing:AddListenerCertificates",
|
||||
"elasticloadbalancing:RemoveListenerCertificates",
|
||||
"elasticloadbalancing:ModifyRule"
|
||||
],
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
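--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.2.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.2.json
@@ -0,0 +1,219 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}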
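--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.3.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.3.json
@@ -0,0 +1,219 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}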
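--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.4.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.4.json
@@ -0,0 +1,219 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}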
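--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.5.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.5.json
@@ -0,0 +1,219 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}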
219
cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.6.json
generated
vendored
Normal file
@@ -0,0 +1,219 @@
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"iam:CreateServiceLinkedRole"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:DescribeAccountAttributes",
|
||||
"ec2:DescribeAddresses",
|
||||
"ec2:DescribeAvailabilityZones",
|
||||
"ec2:DescribeInternetGateways",
|
||||
"ec2:DescribeVpcs",
|
||||
"ec2:DescribeVpcPeeringConnections",
|
||||
"ec2:DescribeSubnets",
|
||||
"ec2:DescribeSecurityGroups",
|
||||
"ec2:DescribeInstances",
|
||||
"ec2:DescribeNetworkInterfaces",
|
||||
"ec2:DescribeTags",
|
||||
"ec2:GetCoipPoolUsage",
|
||||
"ec2:DescribeCoipPools",
|
||||
"elasticloadbalancing:DescribeLoadBalancers",
|
||||
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
||||
"elasticloadbalancing:DescribeListeners",
|
||||
"elasticloadbalancing:DescribeListenerCertificates",
|
||||
"elasticloadbalancing:DescribeSSLPolicies",
|
||||
"elasticloadbalancing:DescribeRules",
|
||||
"elasticloadbalancing:DescribeTargetGroups",
|
||||
"elasticloadbalancing:DescribeTargetGroupAttributes",
|
||||
"elasticloadbalancing:DescribeTargetHealth",
|
||||
"elasticloadbalancing:DescribeTags"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"cognito-idp:DescribeUserPoolClient",
|
||||
"acm:ListCertificates",
|
||||
"acm:DescribeCertificate",
|
||||
"iam:ListServerCertificates",
|
||||
"iam:GetServerCertificate",
|
||||
"waf-regional:GetWebACL",
|
||||
"waf-regional:GetWebACLForResource",
|
||||
"waf-regional:AssociateWebACL",
|
||||
"waf-regional:DisassociateWebACL",
|
||||
"wafv2:GetWebACL",
|
||||
"wafv2:GetWebACLForResource",
|
||||
"wafv2:AssociateWebACL",
|
||||
"wafv2:DisassociateWebACL",
|
||||
"shield:GetSubscriptionState",
|
||||
"shield:DescribeProtection",
|
||||
"shield:CreateProtection",
|
||||
"shield:DeleteProtection"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:RevokeSecurityGroupIngress"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:CreateSecurityGroup"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:CreateTags"
|
||||
],
|
||||
"Resource": "arn:aws:ec2:*:*:security-group/*",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"ec2:CreateAction": "CreateSecurityGroup"
|
||||
},
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Resource": "arn:aws:ec2:*:*:security-group/*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:RevokeSecurityGroupIngress",
|
||||
"ec2:DeleteSecurityGroup"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:CreateLoadBalancer",
|
||||
"elasticloadbalancing:CreateTargetGroup"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:CreateListener",
|
||||
"elasticloadbalancing:DeleteListener",
|
||||
"elasticloadbalancing:CreateRule",
|
||||
"elasticloadbalancing:DeleteRule"
|
||||
],
|
||||
"Resource": "*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:RemoveTags"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:RemoveTags"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
|
||||
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:ModifyLoadBalancerAttributes",
|
||||
"elasticloadbalancing:SetIpAddressType",
|
||||
"elasticloadbalancing:SetSecurityGroups",
|
||||
"elasticloadbalancing:SetSubnets",
|
||||
"elasticloadbalancing:DeleteLoadBalancer",
|
||||
"elasticloadbalancing:ModifyTargetGroup",
|
||||
"elasticloadbalancing:ModifyTargetGroupAttributes",
|
||||
"elasticloadbalancing:DeleteTargetGroup"
|
||||
],
|
||||
"Resource": "*",
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:RegisterTargets",
|
||||
"elasticloadbalancing:DeregisterTargets"
|
||||
],
|
||||
"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"elasticloadbalancing:SetWebAcl",
|
||||
"elasticloadbalancing:ModifyListener",
|
||||
"elasticloadbalancing:AddListenerCertificates",
|
||||
"elasticloadbalancing:RemoveListenerCertificates",
|
||||
"elasticloadbalancing:ModifyRule"
|
||||
],
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
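--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.7.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.4.7.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}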
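--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.0.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.0.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}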
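--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.1.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.1.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}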
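--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.2.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.2.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}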
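--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.3.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.3.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}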
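--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.4.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.5.4.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}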
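--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.6.0.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.6.0.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}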
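--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.6.1.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.6.1.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}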
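--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.6.2.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.6.2.json
@@ -0,0 +1,241 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}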
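--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.7.0.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.7.0.json
@@ -0,0 +1,242 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags",
+"elasticloadbalancing:DescribeTrustStores"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}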
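--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.7.1.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.7.1.json
@@ -0,0 +1,242 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags",
+"elasticloadbalancing:DescribeTrustStores"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}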
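--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.7.2.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.7.2.json
@@ -0,0 +1,242 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags",
+"elasticloadbalancing:DescribeTrustStores"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}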
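--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.8.0.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.8.0.json
@@ -0,0 +1,242 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags",
+"elasticloadbalancing:DescribeTrustStores"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}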
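--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.8.1.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.8.1.json
@@ -0,0 +1,242 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags",
+"elasticloadbalancing:DescribeTrustStores"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}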
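--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.8.2.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/alb-iam_policy-v2.8.2.json
@@ -0,0 +1,242 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"iam:CreateServiceLinkedRole"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeAccountAttributes",
+"ec2:DescribeAddresses",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcPeeringConnections",
+"ec2:DescribeSubnets",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeInstances",
+"ec2:DescribeNetworkInterfaces",
+"ec2:DescribeTags",
+"ec2:GetCoipPoolUsage",
+"ec2:DescribeCoipPools",
+"elasticloadbalancing:DescribeLoadBalancers",
+"elasticloadbalancing:DescribeLoadBalancerAttributes",
+"elasticloadbalancing:DescribeListeners",
+"elasticloadbalancing:DescribeListenerCertificates",
+"elasticloadbalancing:DescribeSSLPolicies",
+"elasticloadbalancing:DescribeRules",
+"elasticloadbalancing:DescribeTargetGroups",
+"elasticloadbalancing:DescribeTargetGroupAttributes",
+"elasticloadbalancing:DescribeTargetHealth",
+"elasticloadbalancing:DescribeTags",
+"elasticloadbalancing:DescribeTrustStores"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"cognito-idp:DescribeUserPoolClient",
+"acm:ListCertificates",
+"acm:DescribeCertificate",
+"iam:ListServerCertificates",
+"iam:GetServerCertificate",
+"waf-regional:GetWebACL",
+"waf-regional:GetWebACLForResource",
+"waf-regional:AssociateWebACL",
+"waf-regional:DisassociateWebACL",
+"wafv2:GetWebACL",
+"wafv2:GetWebACLForResource",
+"wafv2:AssociateWebACL",
+"wafv2:DisassociateWebACL",
+"shield:GetSubscriptionState",
+"shield:DescribeProtection",
+"shield:CreateProtection",
+"shield:DeleteProtection"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSecurityGroup"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": "CreateSecurityGroup"
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags",
+"ec2:DeleteTags"
+],
+"Resource": "arn:aws:ec2:*:*:security-group/*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:RevokeSecurityGroupIngress",
+"ec2:DeleteSecurityGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateLoadBalancer",
+"elasticloadbalancing:CreateTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:CreateListener",
+"elasticloadbalancing:DeleteListener",
+"elasticloadbalancing:CreateRule",
+"elasticloadbalancing:DeleteRule"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags",
+"elasticloadbalancing:RemoveTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
+"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:ModifyLoadBalancerAttributes",
+"elasticloadbalancing:SetIpAddressType",
+"elasticloadbalancing:SetSecurityGroups",
+"elasticloadbalancing:SetSubnets",
+"elasticloadbalancing:DeleteLoadBalancer",
+"elasticloadbalancing:ModifyTargetGroup",
+"elasticloadbalancing:ModifyTargetGroupAttributes",
+"elasticloadbalancing:DeleteTargetGroup"
+],
+"Resource": "*",
+"Condition": {
+"Null": {
+"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:AddTags"
+],
+"Resource": [
+"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+],
+"Condition": {
+"StringEquals": {
+"elasticloadbalancing:CreateAction": [
+"CreateTargetGroup",
+"CreateLoadBalancer"
+]
+},
+"Null": {
+"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:RegisterTargets",
+"elasticloadbalancing:DeregisterTargets"
+],
+"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"elasticloadbalancing:SetWebAcl",
+"elasticloadbalancing:ModifyListener",
+"elasticloadbalancing:AddListenerCertificates",
+"elasticloadbalancing:RemoveListenerCertificates",
+"elasticloadbalancing:ModifyRule"
+],
+"Resource": "*"
+}
+]
+}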
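--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/neuron-device-plugin.yaml
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/addons/neuron-device-plugin.yaml
@@ -0,0 +1,74 @@
+# source: https://github.com/aws/aws-neuron-sdk/blob/master/docs/neuron-container-tools/k8s-neuron-device-plugin.yml
+# https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: neuron-device-plugin-daemonset
+namespace: kube-system
+spec:
+selector:
+matchLabels:
+name: neuron-device-plugin-ds
+updateStrategy:
+type: RollingUpdate
+template:
+metadata:
+annotations:
+scheduler.alpha.kubernetes.io/critical-pod: ""
+labels:
+name: neuron-device-plugin-ds
+spec:
+tolerations:
+- key: CriticalAddonsOnly
+operator: Exists
+- key: aws.amazon.com/neuron
+operator: Exists
+effect: NoSchedule
+# Mark this pod as a critical add-on; when enabled, the critical add-on
+# scheduler reserves resources for critical add-on pods so that they can
+# be rescheduled after a failure.
+# See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
+priorityClassName: "system-node-critical"
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: "beta.kubernetes.io/instance-type"
+operator: In
+values:
+- inf1.xlarge
+- inf1.2xlarge
+- inf1.6xlarge
+- inf1.24xlarge
+- inf2.xlarge
+- inf2.8xlarge
+- inf2.24xlarge
+- inf2.48xlarge
+- matchExpressions:
+- key: "node.kubernetes.io/instance-type"
+operator: In
+values:
+- inf1.xlarge
+- inf1.2xlarge
+- inf1.6xlarge
+- inf1.24xlarge
+- inf2.xlarge
+- inf2.8xlarge
+- inf2.24xlarge
+- inf2.48xlarge
+containers:
+- image: 790709498068.dkr.ecr.us-west-2.amazonaws.com/neuron-device-plugin:1.0.9043.0
+imagePullPolicy: Always
+name: k8s-neuron-device-plugin-ctr
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop: ["ALL"]
+volumeMounts:
+- name: device-plugin
+mountPath: /var/lib/kubelet/device-plugins
+volumes:
+- name: device-plugin
+hostPath:
+path: /var/lib/kubelet/device-plugins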
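--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/alb-controller.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/alb-controller.d.ts
@@ -0,0 +1,297 @@
+import { Construct } from 'constructs';
+import type { Cluster } from './cluster';
+import type { RemovalPolicy } from '../../core';
+/**
+* Controller version.
+*
+* Corresponds to the image tag of 'amazon/aws-load-balancer-controller' image.
+*/
+export declare class AlbControllerVersion {
+/**
+* The version string.
+*/
+readonly version: string;
+/**
+* The version of the helm chart to use.
+*/
+readonly helmChartVersion: string;
+/**
+* Whether or not its a custom version.
+*/
+readonly custom: boolean;
+/**
+* v2.0.0
+*/
+static readonly V2_0_0: AlbControllerVersion;
+/**
+* v2.0.1
+*/
+static readonly V2_0_1: AlbControllerVersion;
+/**
+* v2.1.0
+*/
+static readonly V2_1_0: AlbControllerVersion;
+/**
+* v2.1.1
+*/
+static readonly V2_1_1: AlbControllerVersion;
+/**
+* v2.1.2
+*/
+static readonly V2_1_2: AlbControllerVersion;
+/**
+* v2.1.3
+*/
+static readonly V2_1_3: AlbControllerVersion;
+/**
+* v2.0.0
+*/
+static readonly V2_2_0: AlbControllerVersion;
+/**
+* v2.2.1
+*/
+static readonly V2_2_1: AlbControllerVersion;
+/**
+* v2.2.2
+*/
+static readonly V2_2_2: AlbControllerVersion;
+/**
+* v2.2.3
+*/
+static readonly V2_2_3: AlbControllerVersion;
+/**
+* v2.2.4
+*/
+static readonly V2_2_4: AlbControllerVersion;
+/**
+* v2.3.0
+*/
+static readonly V2_3_0: AlbControllerVersion;
+/**
+* v2.3.1
+*/
+static readonly V2_3_1: AlbControllerVersion;
+/**
+* v2.4.1
+*/
+static readonly V2_4_1: AlbControllerVersion;
+/**
+* v2.4.2
+*/
+static readonly V2_4_2: AlbControllerVersion;
+/**
+* v2.4.3
+*/
+static readonly V2_4_3: AlbControllerVersion;
+/**
+* v2.4.4
+*/
+static readonly V2_4_4: AlbControllerVersion;
+/**
+* v2.4.5
+*/
+static readonly V2_4_5: AlbControllerVersion;
+/**
+* v2.4.6
+*/
+static readonly V2_4_6: AlbControllerVersion;
+/**
+* v2.4.7
+*/
+static readonly V2_4_7: AlbControllerVersion;
+/**
+* v2.5.0
+*/
+static readonly V2_5_0: AlbControllerVersion;
+/**
+* v2.5.1
+*/
+static readonly V2_5_1: AlbControllerVersion;
+/**
+* v2.5.2
+*/
+static readonly V2_5_2: AlbControllerVersion;
+/**
+* v2.5.3
+*/
+static readonly V2_5_3: AlbControllerVersion;
+/**
+* v2.5.4
+*/
+static readonly V2_5_4: AlbControllerVersion;
+/**
+* v2.6.0
+*/
+static readonly V2_6_0: AlbControllerVersion;
+/**
+* v2.6.1
+*/
+static readonly V2_6_1: AlbControllerVersion;
+/**
+* v2.6.2
+*/
+static readonly V2_6_2: AlbControllerVersion;
+/**
+* v2.7.0
+*/
+static readonly V2_7_0: AlbControllerVersion;
+/**
+* v2.7.1
+*/
+static readonly V2_7_1: AlbControllerVersion;
+/**
+* v2.7.2
+*/
+static readonly V2_7_2: AlbControllerVersion;
+/**
+* v2.8.0
+*/
+static readonly V2_8_0: AlbControllerVersion;
+/**
+* v2.8.1
+*/
+static readonly V2_8_1: AlbControllerVersion;
+/**
+* v2.8.2
+*/
+static readonly V2_8_2: AlbControllerVersion;
+/**
+* Specify a custom version and an associated helm chart version.
+* Use this if the version you need is not available in one of the predefined versions.
+* Note that in this case, you will also need to provide an IAM policy in the controller options.
+*
+* ALB controller version and helm chart version compatibility information can be found
+* here: https://github.com/aws/eks-charts/blob/v0.0.133/stable/aws-load-balancer-controller/Chart.yaml
+*
+* @param version The version number.
+* @param helmChartVersion The version of the helm chart. Version 1.4.1 is the default version to support legacy
+* users.
+*/
+static of(version: string, helmChartVersion?: string): AlbControllerVersion;
+private constructor();
+}
+/**
+* ALB Scheme.
+*
+* @see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/ingress/annotations/#scheme
+*/
+export declare enum AlbScheme {
+/**
+* The nodes of an internal load balancer have only private IP addresses.
+* The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes.
+* Therefore, internal load balancers can only route requests from clients with access to the VPC for the load balancer.
+*/
+INTERNAL = "internal",
+/**
+* An internet-facing load balancer has a publicly resolvable DNS name, so it can route requests from clients over the internet
+* to the EC2 instances that are registered with the load balancer.
+*/
+INTERNET_FACING = "internet-facing"
+}
+/**
+* Helm chart options that can be set for AlbControllerChart
+* To add any new supported values refer
+* https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/helm/aws-load-balancer-controller/values.yaml
+*/
+export interface AlbControllerHelmChartOptions {
+/**
+* Enable or disable AWS WAFv2 on the ALB ingress controller.
+*
+* @default - no value defined for this helm chart option, so it will not be set in the helm chart values
+*/
+readonly enableWafv2?: boolean;
+/**
+* Enable or disable AWS WAF on the ALB ingress controller.
+*
+* @default - no value defined for this helm chart option, so it will not be set in the helm chart values
+*/
+readonly enableWaf?: boolean;
+}
+/**
+* Options for `AlbController`.
+*/
+export interface AlbControllerOptions {
+/**
+* Version of the controller.
+*/
+readonly version: AlbControllerVersion;
+/**
+* The repository to pull the controller image from.
+*
+* Note that the default repository works for most regions, but not all.
+* If the repository is not applicable to your region, use a custom repository
+* according to the information here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases.
+*
+* @default '602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller'
+*/
+readonly repository?: string;
+/**
+* The IAM policy to apply to the service account.
+*
+* If you're using one of the built-in versions, this is not required since
+* CDK ships with the appropriate policies for those versions.
+*
+* However, if you are using a custom version, this is required (and validated).
+*
+* @default - Corresponds to the predefined version.
+*/
+readonly policy?: any;
+/**
+* Additional helm chart values for ALB controller
+*
+* @default - no additional helm chart values
+*/
+readonly additionalHelmChartValues?: AlbControllerHelmChartOptions;
+/**
+* Overwrite any existing ALB controller service account.
+*
+* If this is set, we will use `kubectl apply` instead of `kubectl create`
+* when the ALB controller service account is created. Otherwise, if there is already a service account
+* named 'aws-load-balancer-controller' in the kube-system namespace, the operation will fail.
+*
+* @default false
+*/
+readonly overwriteServiceAccount?: boolean;
+/**
+* The removal policy applied to the ALB controller resources.
+*
+* The removal policy controls what happens to the resources if they stop being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Properties for `AlbController`.
+*/
+export interface AlbControllerProps extends AlbControllerOptions {
+/**
+* [disable-awslint:ref-via-interface]
+* Cluster to install the controller onto.
+*/
+readonly cluster: Cluster;
+}
+/**
+* Construct for installing the AWS ALB Contoller on EKS clusters.
+*
+* Use the factory functions `get` and `getOrCreate` to obtain/create instances of this controller.
+*
+* @see https://kubernetes-sigs.github.io/aws-load-balancer-controller
+*
+*/
+export declare class AlbController extends Construct {
+/**
+* Create the controller construct associated with this cluster and scope.
+*
+* Singleton per stack/cluster.
+*/
+static create(scope: Construct, props: AlbControllerProps): AlbController;
+private static uid;
+constructor(scope: Construct, id: string, props: AlbControllerProps);
+private rewritePolicyResources;
+}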
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/alb-controller.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/alb-controller.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
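--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth-mapping.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth-mapping.d.ts
@@ -0,0 +1,17 @@
+/**
+* AwsAuth mapping.
+*/
+export interface AwsAuthMapping {
+/**
+* The user name within Kubernetes to map to the IAM role.
+*
+* @default - By default, the user name is the ARN of the IAM role.
+*/
+readonly username?: string;
+/**
+* A list of groups within Kubernetes to which the role is mapped.
+*
+* @see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
+*/
+readonly groups: string[];
+}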
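--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth-mapping.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth-mapping.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});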
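--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth.d.ts
@@ -0,0 +1,58 @@
+import { Construct } from 'constructs';
+import type { AwsAuthMapping } from './aws-auth-mapping';
+import type { Cluster } from './cluster';
+import type * as iam from '../../aws-iam';
+/**
+* Configuration props for the AwsAuth construct.
+*/
+export interface AwsAuthProps {
+/**
+* The EKS cluster to apply this configuration to.
+*
+* [disable-awslint:ref-via-interface]
+*/
+readonly cluster: Cluster;
+}
+/**
+* Manages mapping between IAM users and roles to Kubernetes RBAC configuration.
+*
+* @see https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html
+*/
+export declare class AwsAuth extends Construct {
+private readonly stack;
+private readonly roleMappings;
+private readonly userMappings;
+private readonly accounts;
+constructor(scope: Construct, id: string, props: AwsAuthProps);
+/**
+* Adds the specified IAM role to the `system:masters` RBAC group, which means
+* that anyone that can assume it will be able to administer this Kubernetes system.
+*
+* @param role The IAM role to add
+* @param username Optional user (defaults to the role ARN)
+*/
+addMastersRole(role: iam.IRole, username?: string): void;
+/**
+* Adds a mapping between an IAM role to a Kubernetes user and groups.
+*
+* @param role The IAM role to map
+* @param mapping Mapping to k8s user name and groups
+*/
+addRoleMapping(role: iam.IRole, mapping: AwsAuthMapping): void;
+/**
+* Adds a mapping between an IAM user to a Kubernetes user and groups.
+*
+* @param user The IAM user to map
+* @param mapping Mapping to k8s user name and groups
+*/
+addUserMapping(user: iam.IUser, mapping: AwsAuthMapping): void;
+/**
+* Additional AWS account to add to the aws-auth configmap.
+* @param accountId account number
+*/
+addAccount(accountId: string): void;
+private assertSameStack;
+private synthesizeMapRoles;
+private synthesizeMapUsers;
+private synthesizeMapAccounts;
+}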
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/aws-auth.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.AwsAuth=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},cluster_1=()=>{var tmp=require("./cluster");return cluster_1=()=>tmp,tmp},k8s_manifest_1=()=>{var tmp=require("./k8s-manifest");return k8s_manifest_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class AwsAuth extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.AwsAuth",version:"2.252.0"};stack;roleMappings=new Array;userMappings=new Array;accounts=new Array;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_AwsAuthProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,AwsAuth),error}if(!(props.cluster.authenticationMode!==cluster_1().AuthenticationMode.API))throw new(core_1()).ValidationError((0,literal_string_1().lit)`ConfigMapSupportedAuthenticationMode`,"ConfigMap not supported in the AuthenticationMode",this);this.stack=core_1().Stack.of(this),new(k8s_manifest_1()).KubernetesManifest(this,"manifest",{cluster:props.cluster,overwrite:!0,manifest:[{apiVersion:"v1",kind:"ConfigMap",metadata:{name:"aws-auth",namespace:"kube-system"},data:{mapRoles:this.synthesizeMapRoles(),mapUsers:this.synthesizeMapUsers(),mapAccounts:this.synthesizeMapAccounts()}}]})}addMastersRole(role,username){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IRole(role)}catch(error){throw 
process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addMastersRole),error}this.addRoleMapping(role,{username,groups:["system:masters"]})}addRoleMapping(role,mapping){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IRole(role),jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_AwsAuthMapping(mapping)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addRoleMapping),error}this.assertSameStack(role),this.roleMappings.push({role,mapping})}addUserMapping(user,mapping){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IUser(user),jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_AwsAuthMapping(mapping)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addUserMapping),error}this.assertSameStack(user),this.userMappings.push({user,mapping})}addAccount(accountId){this.accounts.push(accountId)}assertSameStack(construct){const thisStack=core_1().Stack.of(this);if(core_1().Stack.of(construct)!==thisStack)throw new(core_1()).ValidationError((0,literal_string_1().lit)`DefinedInWrongStack`,`${construct.node.path} should be defined in the scope of the ${thisStack.stackName} stack to prevent circular dependencies`,this)}synthesizeMapRoles(){return core_1().Lazy.any({produce:()=>this.stack.toJsonString(this.roleMappings.map(m=>({rolearn:m.role.roleArn,username:m.mapping.username??m.role.roleArn,groups:m.mapping.groups})))})}synthesizeMapUsers(){return core_1().Lazy.any({produce:()=>this.stack.toJsonString(this.userMappings.map(m=>({userarn:m.user.userArn,username:m.mapping.username??m.user.userArn,groups:m.mapping.groups})))})}synthesizeMapAccounts(){return core_1().Lazy.any({produce:()=>this.stack.toJsonString(this.accounts)})}}exports.AwsAuth=AwsAuth;
|
||||
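--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/consts.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/consts.d.ts
@@ -0,0 +1,2 @@
+export declare const CLUSTER_RESOURCE_TYPE = "Custom::AWSCDK-EKS-Cluster";
+export declare const FARGATE_PROFILE_RESOURCE_TYPE = "Custom::AWSCDK-EKS-FargateProfile";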
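--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/consts.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-handler/consts.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.FARGATE_PROFILE_RESOURCE_TYPE=exports.CLUSTER_RESOURCE_TYPE=void 0,exports.CLUSTER_RESOURCE_TYPE="Custom::AWSCDK-EKS-Cluster",exports.FARGATE_PROFILE_RESOURCE_TYPE="Custom::AWSCDK-EKS-FargateProfile";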
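--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-provider.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-provider.d.ts
@@ -0,0 +1,58 @@
+import type { Construct } from 'constructs';
+import type * as ec2 from '../../aws-ec2';
+import * as lambda from '../../aws-lambda';
+import { NestedStack } from '../../core';
+import * as cr from '../../custom-resources';
+export interface ClusterResourceProviderProps {
+/**
+* The VPC to provision the functions in.
+*/
+readonly vpc?: ec2.IVpc;
+/**
+* The subnets to place the functions in.
+*/
+readonly subnets?: ec2.ISubnet[];
+/**
+* Environment to add to the handler.
+*/
+readonly environment?: {
+[key: string]: string;
+};
+/**
+* An AWS Lambda layer that includes the NPM dependency `proxy-agent`.
+*
+* If not defined, a default layer will be used.
+*/
+readonly onEventLayer?: lambda.ILayerVersion;
+/**
+* The security group to associate with the functions.
+*
+* @default - No security group.
+*/
+readonly securityGroup?: ec2.ISecurityGroup;
+/**
+* Disable logging for provider
+*
+* @default true
+*/
+readonly disableLogging?: boolean;
+}
+/**
+* A custom resource provider that handles cluster operations. It serves
+* multiple custom resources such as the cluster resource and the fargate
+* resource.
+*
+* @internal
+*/
+export declare class ClusterResourceProvider extends NestedStack {
+static getOrCreate(scope: Construct, props: ClusterResourceProviderProps): ClusterResourceProvider;
+/**
+* The custom resource provider to use for custom resources.
+*/
+readonly provider: cr.Provider;
+private constructor();
+/**
+* The custom resource service token for this provider.
+*/
+get serviceToken(): string;
+}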
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-provider.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource-provider.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ClusterResourceProvider=void 0;var lambda=()=>{var tmp=require("../../aws-lambda");return lambda=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},cluster_resource_provider_generated_1=()=>{var tmp=require("../../custom-resource-handlers/dist/aws-eks/cluster-resource-provider.generated");return cluster_resource_provider_generated_1=()=>tmp,tmp},cr=()=>{var tmp=require("../../custom-resources");return cr=()=>tmp,tmp},lambda_layer_node_proxy_agent_1=()=>{var tmp=require("../../lambda-layer-node-proxy-agent");return lambda_layer_node_proxy_agent_1=()=>tmp,tmp};class ClusterResourceProvider extends core_1().NestedStack{static getOrCreate(scope,props){const stack=core_1().Stack.of(scope),uid="@aws-cdk/aws-eks.ClusterResourceProvider";return stack.node.tryFindChild(uid)??new ClusterResourceProvider(stack,uid,props)}provider;constructor(scope,id,props){super(scope,id);const nodeProxyAgentLayer=new(lambda_layer_node_proxy_agent_1()).NodeProxyAgentLayer(this,"NodeProxyAgentLayer"),onEvent=new(cluster_resource_provider_generated_1()).ClusterResourceOnEventFunction(this,"OnEventHandler",{description:"onEvent handler for EKS cluster resource provider",environment:{AWS_STS_REGIONAL_ENDPOINTS:"regional",...props.environment},timeout:core_1().Duration.minutes(1),vpc:props.subnets?props.vpc:void 0,vpcSubnets:props.subnets?{subnets:props.subnets}:void 0,securityGroups:props.securityGroup?[props.securityGroup]:void 0,layers:props.onEventLayer?[props.onEventLayer]:[nodeProxyAgentLayer]}),isComplete=new(cluster_resource_provider_generated_1()).ClusterResourceIsCompleteFunction(this,"IsCompleteHandler",{description:"isComplete handler for EKS cluster resource provider",environment:{AWS_STS_REGIONAL_ENDPOINTS:"regional",...props.environment},timeout:core_1().Duration.minutes(1),vpc:props.subnets?props.vpc:void 0,vpcSubnets:props.subnets?{subnets:props.subnets}:void 
0,securityGroups:props.securityGroup?[props.securityGroup]:void 0,layers:[nodeProxyAgentLayer]}),disableLogging=props.disableLogging??!0;this.provider=new(cr()).Provider(this,"Provider",{onEventHandler:onEvent,isCompleteHandler:isComplete,totalTimeout:core_1().Duration.hours(1),queryInterval:core_1().Duration.minutes(1),vpc:props.subnets?props.vpc:void 0,vpcSubnets:props.subnets?{subnets:props.subnets}:void 0,securityGroups:props.securityGroup?[props.securityGroup]:void 0,disableWaiterStateMachineLogging:disableLogging,...disableLogging?{}:{frameworkLambdaLoggingLevel:lambda().ApplicationLogLevel.INFO}})}get serviceToken(){return this.provider.serviceToken}}exports.ClusterResourceProvider=ClusterResourceProvider;
|
||||
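--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource.d.ts
@@ -0,0 +1,62 @@
+import { Construct } from 'constructs';
+import type { CfnCluster } from './eks.generated';
+import type * as ec2 from '../../aws-ec2';
+import * as iam from '../../aws-iam';
+import type * as kms from '../../aws-kms';
+import type * as lambda from '../../aws-lambda';
+import type { ArnComponents } from '../../core';
+export interface ClusterResourceProps {
+readonly resourcesVpcConfig: CfnCluster.ResourcesVpcConfigProperty;
+readonly roleArn: string;
+readonly encryptionConfig?: Array<CfnCluster.EncryptionConfigProperty>;
+readonly kubernetesNetworkConfig?: CfnCluster.KubernetesNetworkConfigProperty;
+readonly name: string;
+readonly version?: string;
+readonly endpointPrivateAccess: boolean;
+readonly endpointPublicAccess: boolean;
+readonly publicAccessCidrs?: string[];
+readonly vpc: ec2.IVpc;
+readonly environment?: {
+[key: string]: string;
+};
+readonly subnets?: ec2.ISubnet[];
+readonly secretsEncryptionKey?: kms.IKeyRef;
+readonly onEventLayer?: lambda.ILayerVersion;
+readonly clusterHandlerSecurityGroup?: ec2.ISecurityGroup;
+readonly tags?: {
+[key: string]: string;
+};
+readonly logging?: {
+[key: string]: [{
+[key: string]: any;
+}];
+};
+readonly accessconfig?: CfnCluster.AccessConfigProperty;
+readonly remoteNetworkConfig?: CfnCluster.RemoteNetworkConfigProperty;
+readonly bootstrapSelfManagedAddons?: boolean;
+}
+/**
+* A low-level CFN resource Amazon EKS cluster implemented through a custom
+* resource.
+*
+* Implements EKS create/update/delete through a CloudFormation custom resource
+* in order to allow us to control the IAM role which creates the cluster. This
+* is required in order to be able to allow CloudFormation to interact with the
+* cluster via `kubectl` to enable Kubernetes management capabilities like apply
+* manifest and IAM role/user RBAC mapping.
+*/
+export declare class ClusterResource extends Construct {
+readonly ref: string;
+readonly adminRole: iam.Role;
+private readonly resource;
+constructor(scope: Construct, id: string, props: ClusterResourceProps);
+get attrEndpoint(): string;
+get attrArn(): string;
+get attrCertificateAuthorityData(): string;
+get attrClusterSecurityGroupId(): string;
+get attrEncryptionConfigKeyArn(): string;
+get attrOpenIdConnectIssuerUrl(): string;
+get attrOpenIdConnectIssuer(): string;
+private createAdminRole;
+}
+export declare function clusterArnComponents(clusterName: string): ArnComponents;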
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster-resource.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ClusterResource=void 0,exports.clusterArnComponents=clusterArnComponents;var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},consts_1=()=>{var tmp=require("./cluster-resource-handler/consts");return consts_1=()=>tmp,tmp},cluster_resource_provider_1=()=>{var tmp=require("./cluster-resource-provider");return cluster_resource_provider_1=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class ClusterResource extends constructs_1().Construct{ref;adminRole;resource;constructor(scope,id,props){if(super(scope,id),!props.roleArn)throw new(core_1()).ValidationError((0,literal_string_1().lit)`IsRequiredRolearnRequired`,'"roleArn" is required',this);const provider=cluster_resource_provider_1().ClusterResourceProvider.getOrCreate(this,{subnets:props.subnets,vpc:props.vpc,environment:props.environment,onEventLayer:props.onEventLayer,securityGroup:props.clusterHandlerSecurityGroup});this.adminRole=this.createAdminRole(provider,props),this.resource=new(core_1()).CustomResource(this,"Resource",{resourceType:consts_1().CLUSTER_RESOURCE_TYPE,serviceToken:provider.serviceToken,properties:{Config:{name:props.name,version:props.version,roleArn:props.roleArn,encryptionConfig:props.encryptionConfig,kubernetesNetworkConfig:props.kubernetesNetworkConfig,resourcesVpcConfig:{subnetIds:props.resourcesVpcConfig.subnetIds,securityGroupIds:props.resourcesVpcConfig.securityGroupIds,endpointPublicAccess:props.endpointPublicAccess,endpointPrivateAccess:props.endpointPrivateAccess,publicAccessCidrs:props.publicAccessCidrs},tags:props.tags,logging:props.logging,accessConfig:props.accessconfig,remoteNetworkConfig:props.remoteNetworkConfig,bootstrapSelfManagedAddons:props.bootstrapSelfMa
nagedAddons},AssumeRoleArn:this.adminRole.roleArn,AttributesRevision:5}}),this.resource.node.addDependency(this.adminRole),this.ref=this.resource.ref}get attrEndpoint(){return core_1().Token.asString(this.resource.getAtt("Endpoint"))}get attrArn(){return core_1().Token.asString(this.resource.getAtt("Arn"))}get attrCertificateAuthorityData(){return core_1().Token.asString(this.resource.getAtt("CertificateAuthorityData"))}get attrClusterSecurityGroupId(){return core_1().Token.asString(this.resource.getAtt("ClusterSecurityGroupId"))}get attrEncryptionConfigKeyArn(){return core_1().Token.asString(this.resource.getAtt("EncryptionConfigKeyArn"))}get attrOpenIdConnectIssuerUrl(){return core_1().Token.asString(this.resource.getAtt("OpenIdConnectIssuerUrl"))}get attrOpenIdConnectIssuer(){return core_1().Token.asString(this.resource.getAtt("OpenIdConnectIssuer"))}createAdminRole(provider,props){const stack=core_1().Stack.of(this),creationRole=new(iam()).Role(this,"CreationRole",{assumedBy:new(iam()).CompositePrincipal(provider.provider.onEventHandler.role,provider.provider.isCompleteHandler.role)});creationRole.addToPolicy(new(iam()).PolicyStatement({actions:["iam:PassRole"],resources:[props.roleArn]}));const resourceArns=core_1().Lazy.list({produce:()=>{const arn=stack.formatArn(clusterArnComponents(stack.resolve(props.name)));return stack.resolve(props.name)?[arn,`${arn}/*`]:["*"]}}),fargateProfileResourceArn=core_1().Lazy.string({produce:()=>stack.resolve(props.name)?stack.formatArn({service:"eks",resource:"fargateprofile",resourceName:stack.resolve(props.name)+"/*"}):"*"});return 
creationRole.addToPolicy(new(iam()).PolicyStatement({actions:["eks:CreateCluster","eks:DescribeCluster","eks:DescribeUpdate","eks:DeleteCluster","eks:UpdateClusterVersion","eks:UpdateClusterConfig","eks:CreateFargateProfile","eks:TagResource","eks:UntagResource"],resources:resourceArns})),creationRole.addToPolicy(new(iam()).PolicyStatement({actions:["eks:DescribeFargateProfile","eks:DeleteFargateProfile"],resources:[fargateProfileResourceArn]})),creationRole.addToPolicy(new(iam()).PolicyStatement({actions:["iam:GetRole","iam:listAttachedRolePolicies"],resources:["*"]})),creationRole.addToPolicy(new(iam()).PolicyStatement({actions:["iam:CreateServiceLinkedRole"],resources:["*"]})),creationRole.addToPolicy(new(iam()).PolicyStatement({actions:["ec2:DescribeInstances","ec2:DescribeNetworkInterfaces","ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeRouteTables","ec2:DescribeDhcpOptions","ec2:DescribeVpcs"],resources:["*"]})),props.secretsEncryptionKey&&creationRole.addToPolicy(new(iam()).PolicyStatement({actions:["kms:Encrypt","kms:Decrypt","kms:DescribeKey","kms:CreateGrant"],resources:[props.secretsEncryptionKey.keyRef.keyArn]})),creationRole}}exports.ClusterResource=ClusterResource;function clusterArnComponents(clusterName){return{service:"eks",resource:"cluster",resourceName:clusterName}}
|
||||
1797
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster.d.ts
generated
vendored
Normal file
1797
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster.d.ts
generated
vendored
Normal file
File diff suppressed because it is too large
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/cluster.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
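--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks-canned-metrics.generated.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks-canned-metrics.generated.d.ts
@@ -0,0 +1,98 @@
+export interface MetricWithDims<D> {
+readonly namespace: string;
+readonly metricName: string;
+readonly statistic: string;
+readonly dimensionsMap: D;
+}
+export declare class EKSMetrics {
+static schedulerPendingPodsSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static schedulerPendingPodsActiveqSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static schedulerPendingPodsUnschedulableSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestTotalSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestTotal5XxSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestTotal4XxSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestTotal429Sum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestDurationSecondsGetP99Average(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestDurationSecondsPostP99Average(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestDurationSecondsPutP99Average(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestDurationSecondsDeleteP99Average(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestDurationSecondsPatchP99Average(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverRequestDurationSecondsListP99Average(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverCurrentInflightRequestsMutatingAverage(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverCurrentInflightRequestsReadonlyAverage(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverAdmissionWebhookRequestTotalSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverAdmissionWebhookRequestTotalValidatingSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+static apiserverAdmissionWebhookRequestTotalAdmitSum(this: void, dimensions: {
+ClusterName: string;
+}): MetricWithDims<{
+ClusterName: string;
+}>;
+}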
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks-canned-metrics.generated.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks-canned-metrics.generated.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.EKSMetrics=void 0;class EKSMetrics{static schedulerPendingPodsSum(dimensions){return{namespace:"AWS/EKS",metricName:"scheduler_pending_pods",dimensionsMap:dimensions,statistic:"Sum"}}static schedulerPendingPodsActiveqSum(dimensions){return{namespace:"AWS/EKS",metricName:"scheduler_pending_pods_ACTIVEQ",dimensionsMap:dimensions,statistic:"Sum"}}static schedulerPendingPodsUnschedulableSum(dimensions){return{namespace:"AWS/EKS",metricName:"scheduler_pending_pods_UNSCHEDULABLE",dimensionsMap:dimensions,statistic:"Sum"}}static apiserverRequestTotalSum(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_total",dimensionsMap:dimensions,statistic:"Sum"}}static apiserverRequestTotal5XxSum(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_total_5XX",dimensionsMap:dimensions,statistic:"Sum"}}static apiserverRequestTotal4XxSum(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_total_4XX",dimensionsMap:dimensions,statistic:"Sum"}}static apiserverRequestTotal429Sum(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_total_429",dimensionsMap:dimensions,statistic:"Sum"}}static apiserverRequestDurationSecondsGetP99Average(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_duration_seconds_GET_P99",dimensionsMap:dimensions,statistic:"Average"}}static apiserverRequestDurationSecondsPostP99Average(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_duration_seconds_POST_P99",dimensionsMap:dimensions,statistic:"Average"}}static apiserverRequestDurationSecondsPutP99Average(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_duration_seconds_PUT_P99",dimensionsMap:dimensions,statistic:"Average"}}static 
apiserverRequestDurationSecondsDeleteP99Average(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_duration_seconds_DELETE_P99",dimensionsMap:dimensions,statistic:"Average"}}static apiserverRequestDurationSecondsPatchP99Average(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_duration_seconds_PATCH_P99",dimensionsMap:dimensions,statistic:"Average"}}static apiserverRequestDurationSecondsListP99Average(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_request_duration_seconds_LIST_P99",dimensionsMap:dimensions,statistic:"Average"}}static apiserverCurrentInflightRequestsMutatingAverage(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_current_inflight_requests_MUTATING",dimensionsMap:dimensions,statistic:"Average"}}static apiserverCurrentInflightRequestsReadonlyAverage(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_current_inflight_requests_READONLY",dimensionsMap:dimensions,statistic:"Average"}}static apiserverAdmissionWebhookRequestTotalSum(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_admission_webhook_request_total",dimensionsMap:dimensions,statistic:"Sum"}}static apiserverAdmissionWebhookRequestTotalValidatingSum(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_admission_webhook_request_total_VALIDATING",dimensionsMap:dimensions,statistic:"Sum"}}static apiserverAdmissionWebhookRequestTotalAdmitSum(dimensions){return{namespace:"AWS/EKS",metricName:"apiserver_admission_webhook_request_total_ADMIT",dimensionsMap:dimensions,statistic:"Sum"}}}exports.EKSMetrics=EKSMetrics;
|
||||
3566
cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks.generated.d.ts
generated
vendored
Normal file
3566
cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks.generated.d.ts
generated
vendored
Normal file
File diff suppressed because it is too large
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks.generated.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/eks.generated.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
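--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-cluster.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-cluster.d.ts
@@ -0,0 +1,34 @@
+import type { Construct } from 'constructs';
+import type { ClusterOptions } from './cluster';
+import { Cluster } from './cluster';
+import type { FargateProfile, FargateProfileOptions } from './fargate-profile';
+/**
+* Configuration props for EKS Fargate.
+*/
+export interface FargateClusterProps extends ClusterOptions {
+/**
+* Fargate Profile to create along with the cluster.
+*
+* @default - A profile called "default" with 'default' and 'kube-system'
+* selectors will be created if this is left undefined.
+*/
+readonly defaultProfile?: FargateProfileOptions;
+}
+/**
+* Defines an EKS cluster that runs entirely on AWS Fargate.
+*
+* The cluster is created with a default Fargate Profile that matches the
+* "default" and "kube-system" namespaces. You can add additional profiles using
+* `addFargateProfile`.
+*/
+export declare class FargateCluster extends Cluster {
+/**
+* Uniquely identifies this class.
+*/
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* Fargate Profile that was created with the cluster.
+*/
+readonly defaultProfile: FargateProfile;
+constructor(scope: Construct, id: string, props: FargateClusterProps);
+}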
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-cluster.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-cluster.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.FargateCluster=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var cluster_1=()=>{var tmp=require("./cluster");return 
cluster_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp};let FargateCluster=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=cluster_1().Cluster;var FargateCluster2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),FargateCluster2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.FargateCluster",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-eks.FargateCluster";defaultProfile;constructor(scope,id,props){super(scope,id,{...props,defaultCapacity:0,coreDnsComputeType:props.coreDnsComputeType??cluster_1().CoreDnsComputeType.FARGATE,version:props.version});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_FargateClusterProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,FargateCluster2),error}(0,metadata_resource_1().addConstructMetadata)(this,props),this.defaultProfile=this.addFargateProfile(props.defaultProfile?.fargateProfileName??(props.defaultProfile?"custom":"default"),props.defaultProfile??{selectors:[{namespace:"default"},{namespace:"kube-system"}]})}static{__runInitializers(_classThis,_classExtraInitializers)}};return FargateCluster2=_classThis})();exports.FargateCluster=FargateCluster;
|
||||
144
cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-profile.d.ts
generated
vendored
Normal file
144
cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-profile.d.ts
generated
vendored
Normal file
@@ -0,0 +1,144 @@
|
||||
import { Construct } from 'constructs';
|
||||
import type { Cluster } from './cluster';
|
||||
import * as ec2 from '../../aws-ec2';
|
||||
import * as iam from '../../aws-iam';
|
||||
import type { ITaggable, RemovalPolicy } from '../../core';
|
||||
import { TagManager } from '../../core';
|
||||
/**
|
||||
* Options for defining EKS Fargate Profiles.
|
||||
*/
|
||||
export interface FargateProfileOptions {
|
||||
/**
|
||||
* The name of the Fargate profile.
|
||||
* @default - generated
|
||||
*/
|
||||
readonly fargateProfileName?: string;
|
||||
/**
|
||||
* The pod execution role to use for pods that match the selectors in the
|
||||
* Fargate profile. The pod execution role allows Fargate infrastructure to
|
||||
* register with your cluster as a node, and it provides read access to Amazon
|
||||
* ECR image repositories.
|
||||
*
|
||||
* @see https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html
|
||||
* @default - a role will be automatically created
|
||||
*/
|
||||
readonly podExecutionRole?: iam.IRole;
|
||||
/**
|
||||
* The selectors to match for pods to use this Fargate profile. Each selector
|
||||
* must have an associated namespace. Optionally, you can also specify labels
|
||||
* for a namespace.
|
||||
*
|
||||
* At least one selector is required and you may specify up to five selectors.
|
||||
*/
|
||||
readonly selectors: Selector[];
|
||||
/**
|
||||
* The VPC from which to select subnets to launch your pods into.
|
||||
*
|
||||
* By default, all private subnets are selected. You can customize this using
|
||||
* `subnetSelection`.
|
||||
*
|
||||
* @default - all private subnets used by the EKS cluster
|
||||
*/
|
||||
readonly vpc?: ec2.IVpc;
|
||||
/**
|
||||
* Select which subnets to launch your pods into. At this time, pods running
|
||||
* on Fargate are not assigned public IP addresses, so only private subnets
|
||||
* (with no direct route to an Internet Gateway) are allowed.
|
||||
*
|
||||
* You must specify the VPC to customize the subnet selection
|
||||
*
|
||||
* @default - all private subnets of the VPC are selected.
|
||||
*/
|
||||
readonly subnetSelection?: ec2.SubnetSelection;
|
||||
/**
|
||||
* The removal policy applied to the custom resource that manages the Fargate profile.
|
||||
*
|
||||
* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
|
||||
* This can happen in one of three situations:
|
||||
*
|
||||
* - The resource is removed from the template, so CloudFormation stops managing it
|
||||
* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
|
||||
* - The stack is deleted, so CloudFormation stops managing all resources in it
|
||||
*
|
||||
* @default RemovalPolicy.DESTROY
|
||||
*/
|
||||
readonly removalPolicy?: RemovalPolicy;
|
||||
}
|
||||
/**
|
||||
* Configuration props for EKS Fargate Profiles.
|
||||
*/
|
||||
export interface FargateProfileProps extends FargateProfileOptions {
|
||||
/**
|
||||
* The EKS cluster to apply the Fargate profile to.
|
||||
* [disable-awslint:ref-via-interface]
|
||||
*/
|
||||
readonly cluster: Cluster;
|
||||
}
|
||||
/**
|
||||
* Fargate profile selector.
|
||||
*/
|
||||
export interface Selector {
|
||||
/**
|
||||
* The Kubernetes namespace that the selector should match.
|
||||
*
|
||||
* You must specify a namespace for a selector. The selector only matches pods
|
||||
* that are created in this namespace, but you can create multiple selectors
|
||||
* to target multiple namespaces.
|
||||
*/
|
||||
readonly namespace: string;
|
||||
/**
|
||||
* The Kubernetes labels that the selector should match. A pod must contain
|
||||
* all of the labels that are specified in the selector for it to be
|
||||
* considered a match.
|
||||
*
|
||||
* @default - all pods within the namespace will be selected.
|
||||
*/
|
||||
readonly labels?: {
|
||||
[key: string]: string;
|
||||
};
|
||||
}
|
||||
/**
|
||||
* Fargate profiles allows an administrator to declare which pods run on
|
||||
* Fargate. This declaration is done through the profile’s selectors. Each
|
||||
* profile can have up to five selectors that contain a namespace and optional
|
||||
* labels. You must define a namespace for every selector. The label field
|
||||
* consists of multiple optional key-value pairs. Pods that match a selector (by
|
||||
* matching a namespace for the selector and all of the labels specified in the
|
||||
* selector) are scheduled on Fargate. If a namespace selector is defined
|
||||
* without any labels, Amazon EKS will attempt to schedule all pods that run in
|
||||
* that namespace onto Fargate using the profile. If a to-be-scheduled pod
|
||||
* matches any of the selectors in the Fargate profile, then that pod is
|
||||
* scheduled on Fargate.
|
||||
*
|
||||
* If a pod matches multiple Fargate profiles, Amazon EKS picks one of the
|
||||
* matches at random. In this case, you can specify which profile a pod should
|
||||
* use by adding the following Kubernetes label to the pod specification:
|
||||
* eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still
|
||||
* match a selector in that profile in order to be scheduled onto Fargate.
|
||||
*/
|
||||
export declare class FargateProfile extends Construct implements ITaggable {
|
||||
/**
|
||||
* The full Amazon Resource Name (ARN) of the Fargate profile.
|
||||
*
|
||||
* @attribute
|
||||
*/
|
||||
readonly fargateProfileArn: string;
|
||||
/**
|
||||
* The name of the Fargate profile.
|
||||
*
|
||||
* @attribute
|
||||
*/
|
||||
readonly fargateProfileName: string;
|
||||
/**
|
||||
* Resource tags.
|
||||
*/
|
||||
readonly tags: TagManager;
|
||||
/**
|
||||
* The pod execution role to use for pods that match the selectors in the
|
||||
* Fargate profile. The pod execution role allows Fargate infrastructure to
|
||||
* register with your cluster as a node, and it provides read access to Amazon
|
||||
* ECR image repositories.
|
||||
*/
|
||||
readonly podExecutionRole: iam.IRole;
|
||||
constructor(scope: Construct, id: string, props: FargateProfileProps);
|
||||
}
|
||||
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-profile.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/fargate-profile.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.FargateProfile=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},cluster_1=()=>{var tmp=require("./cluster");return cluster_1=()=>tmp,tmp},consts_1=()=>{var tmp=require("./cluster-resource-handler/consts");return consts_1=()=>tmp,tmp},cluster_resource_provider_1=()=>{var tmp=require("./cluster-resource-provider");return cluster_resource_provider_1=()=>tmp,tmp},ec2=()=>{var tmp=require("../../aws-ec2");return ec2=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class FargateProfile extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.FargateProfile",version:"2.252.0"};fargateProfileArn;fargateProfileName;tags;podExecutionRole;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_FargateProfileProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,FargateProfile),error}const 
provider=cluster_resource_provider_1().ClusterResourceProvider.getOrCreate(this,{onEventLayer:props.cluster.onEventLayer});this.podExecutionRole=props.podExecutionRole??new(iam()).Role(this,"PodExecutionRole",{assumedBy:new(iam()).ServicePrincipal("eks-fargate-pods.amazonaws.com"),managedPolicies:[iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonEKSFargatePodExecutionRolePolicy")]}),this.podExecutionRole.grantPassRole(props.cluster.adminRole),props.subnetSelection&&!props.vpc&&core_1().Annotations.of(this).addWarningV2("@aws-cdk/aws-eks:fargateProfileDefaultToPrivateSubnets","Vpc must be defined to use a custom subnet selection. All private subnets belonging to the EKS cluster will be used by default");let subnets;if(props.vpc){const selection=props.subnetSelection??{subnetType:ec2().SubnetType.PRIVATE_WITH_EGRESS};subnets=props.vpc.selectSubnets(selection).subnetIds}if(props.selectors.length<1)throw new(core_1()).ValidationError((0,literal_string_1().lit)`FargateProfileRequiresLeastOne`,"Fargate profile requires at least one selector",this);if(props.selectors.length>5)throw new(core_1()).ValidationError((0,literal_string_1().lit)`FargateProfileSupportsUpFive`,"Fargate profile supports up to five selectors",this);this.tags=new(core_1()).TagManager(core_1().TagType.MAP,"AWS::EKS::FargateProfile");const resource=new(core_1()).CustomResource(this,"Resource",{serviceToken:provider.serviceToken,resourceType:consts_1().FARGATE_PROFILE_RESOURCE_TYPE,properties:{AssumeRoleArn:props.cluster.adminRole.roleArn,Config:{clusterName:props.cluster.clusterName,fargateProfileName:props.fargateProfileName,podExecutionRoleArn:this.podExecutionRole.roleArn,selectors:props.selectors,subnets,tags:core_1().Lazy.any({produce:()=>this.tags.renderTags()})}}});this.fargateProfileArn=resource.getAttString("fargateProfileArn"),this.fargateProfileName=resource.ref;const clusterFargateProfiles=props.cluster._attachFargateProfile(this);if(clusterFargateProfiles.length>1){const 
previousProfile=clusterFargateProfiles[clusterFargateProfiles.length-2];resource.node.addDependency(previousProfile)}[void 0,cluster_1().AuthenticationMode.CONFIG_MAP,cluster_1().AuthenticationMode.API_AND_CONFIG_MAP].includes(props.cluster.authenticationMode)&&props.cluster.awsAuth.addRoleMapping(this.podExecutionRole,{username:"system:node:{{SessionName}}",groups:["system:bootstrappers","system:nodes","system:node-proxier"]}),props.removalPolicy&&core_1().RemovalPolicies.of(this).apply(props.removalPolicy)}}exports.FargateProfile=FargateProfile;
|
||||
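--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/helm-chart.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/helm-chart.d.ts
@@ -0,0 +1,123 @@
+import { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import type { Asset } from '../../aws-s3-assets';
+import type { Duration, RemovalPolicy } from '../../core';
+/**
+* Helm Chart options.
+*/
+export interface HelmChartOptions {
+/**
+* The name of the chart.
+* Either this or `chartAsset` must be specified.
+*
+* @default - No chart name. Implies `chartAsset` is used.
+*/
+readonly chart?: string;
+/**
+* The name of the release.
+* @default - If no release name is given, it will use the last 53 characters of the node's unique id.
+*/
+readonly release?: string;
+/**
+* The chart version to install.
+* @default - If this is not specified, the latest version is installed
+*/
+readonly version?: string;
+/**
+* The repository which contains the chart. For example: https://charts.helm.sh/stable/
+* @default - No repository will be used, which means that the chart needs to be an absolute URL.
+*/
+readonly repository?: string;
+/**
+* The chart in the form of an asset.
+* Either this or `chart` must be specified.
+*
+* @default - No chart asset. Implies `chart` is used.
+*/
+readonly chartAsset?: Asset;
+/**
+* The Kubernetes namespace scope of the requests.
+* @default default
+*/
+readonly namespace?: string;
+/**
+* The values to be used by the chart.
+* For nested values use a nested dictionary. For example:
+* values: {
+* installationCRDs: true,
+* webhook: { port: 9443 }
+* }
+* @default - No values are provided to the chart.
+*/
+readonly values?: {
+[key: string]: any;
+};
+/**
+* Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a
+* Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful.
+* @default - Helm will not wait before marking release as successful
+*/
+readonly wait?: boolean;
+/**
+* Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes.
+* @default Duration.minutes(5)
+*/
+readonly timeout?: Duration;
+/**
+* Whether or not Helm should treat this operation as atomic; if set, upgrade process rolls back changes
+* made in case of failed upgrade. The --wait flag will be set automatically if --atomic is used.
+* @default false
+*/
+readonly atomic?: boolean;
+/**
+* create namespace if not exist
+* @default true
+*/
+readonly createNamespace?: boolean;
+/**
+* if set, no CRDs will be installed
+* @default - CRDs are installed if not already present
+*/
+readonly skipCrds?: boolean;
+/**
+* The removal policy applied to the custom resource that manages the Helm chart.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Helm Chart properties.
+*/
+export interface HelmChartProps extends HelmChartOptions {
+/**
+* The EKS cluster to apply this configuration to.
+*
+* [disable-awslint:ref-via-interface]
+*/
+readonly cluster: ICluster;
+}
+/**
+* Represents a helm chart within the Kubernetes system.
+*
+* Applies/deletes the resources using `kubectl` in sync with the resource.
+*/
+export declare class HelmChart extends Construct {
+/**
+* The CloudFormation resource type.
+*/
+static readonly RESOURCE_TYPE = "Custom::AWSCDK-EKS-HelmChart";
+readonly chart?: string;
+readonly repository?: string;
+readonly version?: string;
+readonly chartAsset?: Asset;
+readonly atomic?: boolean;
+constructor(scope: Construct, id: string, props: HelmChartProps);
+}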
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/helm-chart.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/helm-chart.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.HelmChart=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},kubectl_provider_1=()=>{var tmp=require("./kubectl-provider");return kubectl_provider_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class HelmChart extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.HelmChart",version:"2.252.0"};static RESOURCE_TYPE="Custom::AWSCDK-EKS-HelmChart";chart;repository;version;chartAsset;atomic;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_HelmChartProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,HelmChart),error}this.chart=props.chart,this.repository=props.repository,this.version=props.version,this.chartAsset=props.chartAsset;const stack=core_1().Stack.of(this),provider=kubectl_provider_1().KubectlProvider.getOrCreate(this,props.cluster),timeout=props.timeout?.toSeconds();if(timeout&&timeout>900)throw new(core_1()).ValidationError((0,literal_string_1().lit)`HelmChartTimeoutCannotHigher`,"Helm chart timeout cannot be higher than 15 minutes.",this);if(!this.chart&&!this.chartAsset)throw new(core_1()).ValidationError((0,literal_string_1().lit)`MustBeEitherChartChartasset`,"Either 'chart' or 'chartAsset' must be specified to install a helm chart",this);if(this.chartAsset&&(this.repository||this.version))throw new(core_1()).ValidationError((0,literal_string_1().lit)`ChartAssetRepositoryVersionConflict`,"Neither 'repository' nor 'version' can be used when configuring 'chartAsset'",this);const 
wait=props.wait??!1,createNamespace=props.createNamespace??!0,skipCrds=props.skipCrds??!1,atomic=props.atomic??!1;this.chartAsset?.grantRead(provider.handlerRole),new(core_1()).CustomResource(this,"Resource",{serviceToken:provider.serviceToken,resourceType:HelmChart.RESOURCE_TYPE,removalPolicy:props.removalPolicy,properties:{ClusterName:props.cluster.clusterName,RoleArn:provider.roleArn,Release:props.release??core_1().Names.uniqueId(this).slice(-53).toLowerCase(),Chart:this.chart,ChartAssetURL:this.chartAsset?.s3ObjectUrl,Version:this.version,Wait:wait||void 0,Timeout:timeout?`${timeout.toString()}s`:void 0,Values:props.values?stack.toJsonString(props.values):void 0,Namespace:props.namespace??"default",Repository:this.repository,CreateNamespace:createNamespace||void 0,SkipCrds:skipCrds||void 0,Atomic:atomic||void 0}})}}exports.HelmChart=HelmChart;
|
||||
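--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/index.d.ts
@@ -0,0 +1,17 @@
+export * from './aws-auth';
+export * from './aws-auth-mapping';
+export * from './cluster';
+export * from './eks.generated';
+export * from './fargate-profile';
+export * from './helm-chart';
+export * from './k8s-patch';
+export * from './k8s-manifest';
+export * from './k8s-object-value';
+export * from './kubectl-provider';
+export * from './fargate-cluster';
+export * from './service-account';
+export * from './managed-nodegroup';
+export * from './oidc-provider';
+export * from './alb-controller';
+export * from './access-entry';
+export * from './addon';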
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/index.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/index.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
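--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/instance-types.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/instance-types.d.ts
@@ -0,0 +1,8 @@
+export declare const INSTANCE_TYPES: {
+gpu: string[];
+inferentia: string[];
+graviton: string[];
+graviton2: string[];
+graviton3: string[];
+trainium: string[];
+};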
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/instance-types.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/instance-types.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.INSTANCE_TYPES=void 0,exports.INSTANCE_TYPES={gpu:["p2","p3","g2","g3","g4"],inferentia:["inf1","inf2"],graviton:["a1"],graviton2:["c6g","m6g","r6g","t4g"],graviton3:["c7g"],trainium:["trn1","trn1n"]};
|
||||
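--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-manifest.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-manifest.d.ts
@@ -0,0 +1,142 @@
+import { Construct } from 'constructs';
+import { AlbScheme } from './alb-controller';
+import type { ICluster } from './cluster';
+import type { RemovalPolicy } from '../../core';
+/**
+* Options for `KubernetesManifest`.
+*/
+export interface KubernetesManifestOptions {
+/**
+* When a resource is removed from a Kubernetes manifest, it no longer appears
+* in the manifest, and there is no way to know that this resource needs to be
+* deleted. To address this, `kubectl apply` has a `--prune` option which will
+* query the cluster for all resources with a specific label and will remove
+* all the labeld resources that are not part of the applied manifest. If this
+* option is disabled and a resource is removed, it will become "orphaned" and
+* will not be deleted from the cluster.
+*
+* When this option is enabled (default), the construct will inject a label to
+* all Kubernetes resources included in this manifest which will be used to
+* prune resources when the manifest changes via `kubectl apply --prune`.
+*
+* The label name will be `aws.cdk.eks/prune-<ADDR>` where `<ADDR>` is the
+* 42-char unique address of this construct in the construct tree. Value is
+* empty.
+*
+* @see
+* https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label
+*
+* @default - based on the prune option of the cluster, which is `true` unless
+* otherwise specified.
+*/
+readonly prune?: boolean;
+/**
+* A flag to signify if the manifest validation should be skipped
+*
+* @default false
+*/
+readonly skipValidation?: boolean;
+/**
+* Automatically detect `Ingress` resources in the manifest and annotate them so they
+* are picked up by an ALB Ingress Controller.
+*
+* @default false
+*/
+readonly ingressAlb?: boolean;
+/**
+* Specify the ALB scheme that should be applied to `Ingress` resources.
+* Only applicable if `ingressAlb` is set to `true`.
+*
+* @default AlbScheme.INTERNAL
+*/
+readonly ingressAlbScheme?: AlbScheme;
+/**
+* The removal policy applied to the custom resource that manages the Kubernetes manifest.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Properties for KubernetesManifest
+*/
+export interface KubernetesManifestProps extends KubernetesManifestOptions {
+/**
+* The EKS cluster to apply this manifest to.
+*
+* [disable-awslint:ref-via-interface]
+*/
+readonly cluster: ICluster;
+/**
+* The manifest to apply.
+*
+* Consists of any number of child resources.
+*
+* When the resources are created/updated, this manifest will be applied to the
+* cluster through `kubectl apply` and when the resources or the stack is
+* deleted, the resources in the manifest will be deleted through `kubectl delete`.
+*
+* @example
+*
+* [{
+* apiVersion: 'v1',
+* kind: 'Pod',
+* metadata: { name: 'mypod' },
+* spec: {
+* containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ]
+* }
+* }]
+*
+*/
+readonly manifest: Record<string, any>[];
+/**
+* Overwrite any existing resources.
+*
+* If this is set, we will use `kubectl apply` instead of `kubectl create`
+* when the resource is created. Otherwise, if there is already a resource
+* in the cluster with the same name, the operation will fail.
+*
+* @default false
+*/
+readonly overwrite?: boolean;
+}
+/**
+* Represents a manifest within the Kubernetes system.
+*
+* Alternatively, you can use `cluster.addManifest(resource[, resource, ...])`
+* to define resources on this cluster.
+*
+* Applies/deletes the manifest using `kubectl`.
+*/
+export declare class KubernetesManifest extends Construct {
+/**
+* Uniquely identifies this class.
+*/
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* The CloudFormation resource type.
+*/
+static readonly RESOURCE_TYPE = "Custom::AWSCDK-EKS-KubernetesResource";
+constructor(scope: Construct, id: string, props: KubernetesManifestProps);
+/**
+* Injects a generated prune label to all resources in this manifest. The
+* label name will be `awscdk.eks/manifest-ADDR` where `ADDR` is the address
+* of the construct in the construct tree.
+*
+* @returns the label name
+*/
+private injectPruneLabel;
+/**
+* Inject the necessary ingress annotations if possible (and requested).
+*
+* @see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/
+*/
+private injectIngressAlbAnnotations;
+}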
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-manifest.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-manifest.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
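--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-object-value.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-object-value.d.ts
@@ -0,0 +1,70 @@
+import { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import type { RemovalPolicy } from '../../core';
+import { Duration } from '../../core';
+/**
+* Properties for KubernetesObjectValue.
+*/
+export interface KubernetesObjectValueProps {
+/**
+* The EKS cluster to fetch attributes from.
+*
+* [disable-awslint:ref-via-interface]
+*/
+readonly cluster: ICluster;
+/**
+* The object type to query. (e.g 'service', 'pod'...)
+*/
+readonly objectType: string;
+/**
+* The name of the object to query.
+*/
+readonly objectName: string;
+/**
+* The namespace the object belongs to.
+*
+* @default 'default'
+*/
+readonly objectNamespace?: string;
+/**
+* JSONPath to the specific value.
+*
+* @see https://kubernetes.io/docs/reference/kubectl/jsonpath/
+*/
+readonly jsonPath: string;
+/**
+* Timeout for waiting on a value.
+*
+* @default Duration.minutes(5)
+*/
+readonly timeout?: Duration;
+/**
+* The removal policy applied to the custom resource that manages the Kubernetes object value.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Represents a value of a specific object deployed in the cluster.
+* Use this to fetch any information available by the `kubectl get` command.
+*/
+export declare class KubernetesObjectValue extends Construct {
+/**
+* The CloudFormation resource type.
+*/
+static readonly RESOURCE_TYPE = "Custom::AWSCDK-EKS-KubernetesObjectValue";
+private _resource;
+constructor(scope: Construct, id: string, props: KubernetesObjectValueProps);
+/**
+* The value as a string token.
+*/
+get value(): string;
+}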
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-object-value.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-object-value.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.KubernetesObjectValue=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},kubectl_provider_1=()=>{var tmp=require("./kubectl-provider");return kubectl_provider_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp};class KubernetesObjectValue extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.KubernetesObjectValue",version:"2.252.0"};static RESOURCE_TYPE="Custom::AWSCDK-EKS-KubernetesObjectValue";_resource;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_KubernetesObjectValueProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,KubernetesObjectValue),error}const provider=kubectl_provider_1().KubectlProvider.getOrCreate(this,props.cluster);this._resource=new(core_1()).CustomResource(this,"Resource",{resourceType:KubernetesObjectValue.RESOURCE_TYPE,serviceToken:provider.serviceToken,removalPolicy:props.removalPolicy,properties:{ClusterName:props.cluster.clusterName,RoleArn:provider.roleArn,ObjectType:props.objectType,ObjectName:props.objectName,ObjectNamespace:props.objectNamespace??"default",JsonPath:props.jsonPath,TimeoutSeconds:(props?.timeout??core_1().Duration.minutes(5)).toSeconds()}})}get value(){return core_1().Token.asString(this._resource.getAtt("Value"))}}exports.KubernetesObjectValue=KubernetesObjectValue;
|
||||
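--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-patch.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-patch.d.ts
@@ -0,0 +1,80 @@
+import { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import type { RemovalPolicy } from '../../core';
+/**
+* Properties for KubernetesPatch
+*/
+export interface KubernetesPatchProps {
+/**
+* The cluster to apply the patch to.
+* [disable-awslint:ref-via-interface]
+*/
+readonly cluster: ICluster;
+/**
+* The JSON object to pass to `kubectl patch` when the resource is created/updated.
+*/
+readonly applyPatch: {
+[key: string]: any;
+};
+/**
+* The JSON object to pass to `kubectl patch` when the resource is removed.
+*/
+readonly restorePatch: {
+[key: string]: any;
+};
+/**
+* The full name of the resource to patch (e.g. `deployment/coredns`).
+*/
+readonly resourceName: string;
+/**
+* The kubernetes API namespace
+*
+* @default "default"
+*/
+readonly resourceNamespace?: string;
+/**
+* The patch type to pass to `kubectl patch`.
+* The default type used by `kubectl patch` is "strategic".
+*
+* @default PatchType.STRATEGIC
+*/
+readonly patchType?: PatchType;
+/**
+* The removal policy applied to the custom resource that manages the Kubernetes patch.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Values for `kubectl patch` --type argument
+*/
+export declare enum PatchType {
+/**
+* JSON Patch, RFC 6902
+*/
+JSON = "json",
+/**
+* JSON Merge patch
+*/
+MERGE = "merge",
+/**
+* Strategic merge patch
+*/
+STRATEGIC = "strategic"
+}
+/**
+* A CloudFormation resource which applies/restores a JSON patch into a
+* Kubernetes resource.
+* @see https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/
+*/
+export declare class KubernetesPatch extends Construct {
+constructor(scope: Construct, id: string, props: KubernetesPatchProps);
+}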
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-patch.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/k8s-patch.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.KubernetesPatch=exports.PatchType=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},kubectl_provider_1=()=>{var tmp=require("./kubectl-provider");return kubectl_provider_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},PatchType;(function(PatchType2){PatchType2.JSON="json",PatchType2.MERGE="merge",PatchType2.STRATEGIC="strategic"})(PatchType||(exports.PatchType=PatchType={}));class KubernetesPatch extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.KubernetesPatch",version:"2.252.0"};constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_KubernetesPatchProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,KubernetesPatch),error}const stack=core_1().Stack.of(this),provider=kubectl_provider_1().KubectlProvider.getOrCreate(this,props.cluster);new(core_1()).CustomResource(this,"Resource",{serviceToken:provider.serviceToken,resourceType:"Custom::AWSCDK-EKS-KubernetesPatch",removalPolicy:props.removalPolicy,properties:{ResourceName:props.resourceName,ResourceNamespace:props.resourceNamespace??"default",ApplyPatchJson:stack.toJsonString(props.applyPatch),RestorePatchJson:stack.toJsonString(props.restorePatch),ClusterName:props.cluster.clusterName,RoleArn:provider.roleArn,PatchType:props.patchType??PatchType.STRATEGIC}})}}exports.KubernetesPatch=KubernetesPatch;
|
||||
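--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/kubectl-provider.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/kubectl-provider.d.ts
@@ -0,0 +1,95 @@
+import type { IConstruct } from 'constructs';
+import { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import * as iam from '../../aws-iam';
+import type { RemovalPolicy } from '../../core';
+import { NestedStack } from '../../core';
+/**
+* Properties for a KubectlProvider
+*/
+export interface KubectlProviderProps {
+/**
+* The cluster to control.
+*/
+readonly cluster: ICluster;
+/**
+* The removal policy applied to the custom resource that provides kubectl.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Kubectl Provider Attributes
+*/
+export interface KubectlProviderAttributes {
+/**
+* The custom resource provider's service token.
+*/
+readonly functionArn: string;
+/**
+* The IAM role to assume in order to perform kubectl operations against this cluster.
+*/
+readonly kubectlRoleArn: string;
+/**
+* The IAM execution role of the handler. This role must be able to assume kubectlRoleArn
+*/
+readonly handlerRole: iam.IRole;
+}
+/**
+* Imported KubectlProvider that can be used in place of the default one created by CDK
+*/
+export interface IKubectlProvider extends IConstruct {
+/**
+* The custom resource provider's service token.
+*/
+readonly serviceToken: string;
+/**
+* The IAM role to assume in order to perform kubectl operations against this cluster.
+*/
+readonly roleArn: string;
+/**
+* The IAM execution role of the handler.
+*/
+readonly handlerRole: iam.IRole;
+}
+/**
+* Implementation of Kubectl Lambda
+*/
+export declare class KubectlProvider extends NestedStack implements IKubectlProvider {
+/**
+* Take existing provider or create new based on cluster
+*
+* @param scope Construct
+* @param cluster k8s cluster
+*/
+static getOrCreate(scope: Construct, cluster: ICluster): IKubectlProvider;
+/**
+* Import an existing provider
+*
+* @param scope Construct
+* @param id an id of resource
+* @param attrs attributes for the provider
+*/
+static fromKubectlProviderAttributes(scope: Construct, id: string, attrs: KubectlProviderAttributes): IKubectlProvider;
+/**
+* The custom resource provider's service token.
+*/
+readonly serviceToken: string;
+/**
+* The IAM role to assume in order to perform kubectl operations against this cluster.
+*/
+readonly roleArn: string;
+/**
+* The IAM execution role of the handler.
+*/
+readonly handlerRole: iam.IRole;
+constructor(scope: Construct, id: string, props: KubectlProviderProps);
+}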
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/kubectl-provider.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/kubectl-provider.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
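--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/managed-nodegroup.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/managed-nodegroup.d.ts
@@ -0,0 +1,413 @@
+import type { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import type { INodegroupRef, NodegroupReference } from './eks.generated';
+import type { ISecurityGroup, SubnetSelection } from '../../aws-ec2';
+import { InstanceType } from '../../aws-ec2';
+import type { IRole } from '../../aws-iam';
+import type { IResource, RemovalPolicy } from '../../core';
+import { Resource } from '../../core';
+/**
+* NodeGroup interface
+*/
+export interface INodegroup extends IResource, INodegroupRef {
+/**
+* Name of the nodegroup
+* @attribute
+*/
+readonly nodegroupName: string;
+}
+/**
+* The AMI type for your node group.
+*
+* GPU instance types should use the `AL2_x86_64_GPU` AMI type, which uses the
+* Amazon EKS-optimized Linux AMI with GPU support or the `BOTTLEROCKET_ARM_64_NVIDIA` or `BOTTLEROCKET_X86_64_NVIDIA`
+* AMI types, which uses the Amazon EKS-optimized Linux AMI with Nvidia-GPU support.
+*
+* Non-GPU instances should use the `AL2_x86_64` AMI type, which uses the Amazon EKS-optimized Linux AMI.
+*/
+export declare enum NodegroupAmiType {
+/**
+* Amazon Linux 2 (x86-64)
+*/
+AL2_X86_64 = "AL2_x86_64",
+/**
+* Amazon Linux 2 with GPU support
+*/
+AL2_X86_64_GPU = "AL2_x86_64_GPU",
+/**
+* Amazon Linux 2 (ARM-64)
+*/
+AL2_ARM_64 = "AL2_ARM_64",
+/**
+* Bottlerocket Linux (ARM-64)
+*/
+BOTTLEROCKET_ARM_64 = "BOTTLEROCKET_ARM_64",
+/**
+* Bottlerocket (x86-64)
+*/
+BOTTLEROCKET_X86_64 = "BOTTLEROCKET_x86_64",
+/**
+* Bottlerocket Linux with Nvidia-GPU support (ARM-64)
+*/
+BOTTLEROCKET_ARM_64_NVIDIA = "BOTTLEROCKET_ARM_64_NVIDIA",
+/**
+* Bottlerocket with Nvidia-GPU support (x86-64)
+*/
+BOTTLEROCKET_X86_64_NVIDIA = "BOTTLEROCKET_x86_64_NVIDIA",
+/**
+* Bottlerocket Linux (ARM-64) with FIPS enabled
+*/
+BOTTLEROCKET_ARM_64_FIPS = "BOTTLEROCKET_ARM_64_FIPS",
+/**
+* Bottlerocket (x86-64) with FIPS enabled
+*/
+BOTTLEROCKET_X86_64_FIPS = "BOTTLEROCKET_x86_64_FIPS",
+/**
+* Windows Core 2019 (x86-64)
+*/
+WINDOWS_CORE_2019_X86_64 = "WINDOWS_CORE_2019_x86_64",
+/**
+* Windows Core 2022 (x86-64)
+*/
+WINDOWS_CORE_2022_X86_64 = "WINDOWS_CORE_2022_x86_64",
+/**
+* Windows Full 2019 (x86-64)
+*/
+WINDOWS_FULL_2019_X86_64 = "WINDOWS_FULL_2019_x86_64",
+/**
+* Windows Full 2022 (x86-64)
+*/
+WINDOWS_FULL_2022_X86_64 = "WINDOWS_FULL_2022_x86_64",
+/**
+* Amazon Linux 2023 (x86-64)
+*/
+AL2023_X86_64_STANDARD = "AL2023_x86_64_STANDARD",
+/**
+* Amazon Linux 2023 with AWS Neuron drivers (x86-64)
+*/
+AL2023_X86_64_NEURON = "AL2023_x86_64_NEURON",
+/**
+* Amazon Linux 2023 with NVIDIA drivers (x86-64)
+*/
+AL2023_X86_64_NVIDIA = "AL2023_x86_64_NVIDIA",
+/**
+* Amazon Linux 2023 with NVIDIA drivers (ARM-64)
+*/
+AL2023_ARM_64_NVIDIA = "AL2023_ARM_64_NVIDIA",
+/**
+* Amazon Linux 2023 (ARM-64)
+*/
+AL2023_ARM_64_STANDARD = "AL2023_ARM_64_STANDARD"
+}
+/**
+* Capacity type of the managed node group
+*/
+export declare enum CapacityType {
+/**
+* spot instances
+*/
+SPOT = "SPOT",
+/**
+* on-demand instances
+*/
+ON_DEMAND = "ON_DEMAND",
+/**
+* capacity block instances
+*/
+CAPACITY_BLOCK = "CAPACITY_BLOCK"
+}
+/**
+* The remote access (SSH) configuration to use with your node group.
+*
+* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html
+*/
+export interface NodegroupRemoteAccess {
+/**
+* The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group.
+*/
+readonly sshKeyName: string;
+/**
+* The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH
+* key but do not specify a source security group when you create a managed node group, then port 22 on the worker
+* nodes is opened to the internet (0.0.0.0/0).
+*
+* @default - port 22 on the worker nodes is opened to the internet (0.0.0.0/0)
+*/
+readonly sourceSecurityGroups?: ISecurityGroup[];
+}
+/**
+* Launch template property specification
+*/
+export interface LaunchTemplateSpec {
+/**
+* The Launch template ID
+*/
+readonly id: string;
+/**
+* The launch template version to be used (optional).
+*
+* @default - the default version of the launch template
+*/
+readonly version?: string;
+}
+/**
+* Effect types of kubernetes node taint.
+*
+* Note: These values are specifically for AWS EKS NodeGroups and use the AWS API format.
+* When using AWS CLI or API, taint effects must be NO_SCHEDULE, PREFER_NO_SCHEDULE, or NO_EXECUTE.
+* When using Kubernetes directly or kubectl, taint effects must be NoSchedule, PreferNoSchedule, or NoExecute.
+*
+* For Kubernetes manifests (like Karpenter NodePools), use string literals with PascalCase format:
+* - 'NoSchedule' instead of TaintEffect.NO_SCHEDULE
+* - 'PreferNoSchedule' instead of TaintEffect.PREFER_NO_SCHEDULE
+* - 'NoExecute' instead of TaintEffect.NO_EXECUTE
+*
+* @see https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html
+*/
+export declare enum TaintEffect {
+/**
+* NoSchedule
+*/
+NO_SCHEDULE = "NO_SCHEDULE",
+/**
+* PreferNoSchedule
+*/
+PREFER_NO_SCHEDULE = "PREFER_NO_SCHEDULE",
+/**
+* NoExecute
+*/
+NO_EXECUTE = "NO_EXECUTE"
+}
+/**
+* Taint interface
+*/
+export interface TaintSpec {
+/**
+* Effect type
+*
+* @default - None
+*/
+readonly effect?: TaintEffect;
+/**
+* Taint key
+*
+* @default - None
+*/
+readonly key?: string;
+/**
+* Taint value
+*
+* @default - None
+*/
+readonly value?: string;
+}
+/**
+* The Nodegroup Options for addNodeGroup() method
+*/
+export interface NodegroupOptions {
+/**
+* Name of the Nodegroup
+*
+* @default - resource ID
+*/
+readonly nodegroupName?: string;
+/**
+* The subnets to use for the Auto Scaling group that is created for your node group. By specifying the
+* SubnetSelection, the selected subnets will automatically apply required tags i.e.
+* `kubernetes.io/cluster/CLUSTER_NAME` with a value of `shared`, where `CLUSTER_NAME` is replaced with
+* the name of your cluster.
+*
+* @default - private subnets
+*/
+readonly subnets?: SubnetSelection;
+/**
+* The AMI type for your node group. If you explicitly specify the launchTemplate with custom AMI, do not specify this property, or
+* the node group deployment will fail. In other cases, you will need to specify correct amiType for the nodegroup.
+*
+* @default - auto-determined from the instanceTypes property when launchTemplateSpec property is not specified
+*/
+readonly amiType?: NodegroupAmiType;
+/**
+* The root device disk size (in GiB) for your node group instances.
+*
+* @default 20
+*/
+readonly diskSize?: number;
+/**
+* The current number of worker nodes that the managed node group should maintain. If not specified,
+* the nodewgroup will initially create `minSize` instances.
+*
+* @default 2
+*/
+readonly desiredSize?: number;
+/**
+* The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default.
+*
+* @default - desiredSize
+*/
+readonly maxSize?: number;
+/**
+* The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than or equal to zero.
+*
+* @default 1
+*/
+readonly minSize?: number;
+/**
+* Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue.
+* If an update fails because pods could not be drained, you can force the update after it fails to terminate the old
+* node whether or not any pods are
+* running on the node.
+*
+* @default true
+*/
+readonly forceUpdate?: boolean;
+/**
+* The instance types to use for your node group.
+* @default t3.medium will be used according to the cloudformation document.
+* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes
+*/
+readonly instanceTypes?: InstanceType[];
+/**
+* The Kubernetes labels to be applied to the nodes in the node group when they are created.
+*
+* @default - None
+*/
+readonly labels?: {
+[name: string]: string;
+};
+/**
+* The Kubernetes taints to be applied to the nodes in the node group when they are created.
+*
+* @default - None
+*/
+readonly taints?: TaintSpec[];
+/**
+* The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon
+* makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through
+* an IAM instance profile and associated policies. Before you can launch worker nodes and register them
+* into a cluster, you must create an IAM role for those worker nodes to use when they are launched.
+*
+* @default - None. Auto-generated if not specified.
+*/
+readonly nodeRole?: IRole;
+/**
+* The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, `1.14.7-YYYYMMDD`).
+*
+* @default - The latest available AMI version for the node group's current Kubernetes version is used.
+*/
+readonly releaseVersion?: string;
+/**
+* The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you
+* specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group,
+* then port 22 on the worker nodes is opened to the internet (0.0.0.0/0)
+*
+* @default - disabled
+*/
+readonly remoteAccess?: NodegroupRemoteAccess;
+/**
+* The metadata to apply to the node group to assist with categorization and organization. Each tag consists of
+* a key and an optional value, both of which you define. Node group tags do not propagate to any other resources
+* associated with the node group, such as the Amazon EC2 instances or subnets.
+*
+* @default - None
+*/
+readonly tags?: {
+[name: string]: string;
+};
+/**
+* Launch template specification used for the nodegroup
+* @see https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
+* @default - no launch template
+*/
+readonly launchTemplateSpec?: LaunchTemplateSpec;
+/**
+* The capacity type of the nodegroup.
+*
+* @default - ON_DEMAND
+*/
+readonly capacityType?: CapacityType;
+/**
+* The maximum number of nodes unavailable at once during a version update.
+* Nodes will be updated in parallel. The maximum number is 100.
+*
+* This value or `maxUnavailablePercentage` is required to have a value for custom update configurations to be applied.
+*
+* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailable
+* @default 1
+*/
+readonly maxUnavailable?: number;
+/**
+* The maximum percentage of nodes unavailable during a version update.
+* This percentage of nodes will be updated in parallel, up to 100 nodes at once.
+*
+* This value or `maxUnavailable` is required to have a value for custom update configurations to be applied.
+*
+* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-maxunavailablepercentage
+* @default undefined - node groups will update instances one at a time
+*/
+readonly maxUnavailablePercentage?: number;
+/**
+* Specifies whether to enable node auto repair for the node group. Node auto repair is disabled by default.
+*
+* @see https://docs.aws.amazon.com/eks/latest/userguide/node-health.html#node-auto-repair
+* @default - disabled
+*/
+readonly enableNodeAutoRepair?: boolean;
+/**
+* The removal policy applied to the managed node group.
+*
+* The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* NodeGroup properties interface
+*/
+export interface NodegroupProps extends NodegroupOptions {
+/**
+* Cluster resource
+*/
+readonly cluster: ICluster;
+}
+/**
+* The Nodegroup resource class
+*/
+export declare class Nodegroup extends Resource implements INodegroup {
+/** Uniquely identifies this class. */
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* Import the Nodegroup from attributes
+*/
+static fromNodegroupName(scope: Construct, id: string, nodegroupName: string): INodegroup;
+/**
+* the Amazon EKS cluster resource
+*
+* @attribute ClusterName
+*/
+readonly cluster: ICluster;
+/**
+* IAM role of the instance profile for the nodegroup
+*/
+readonly role: IRole;
+private readonly desiredSize;
+private readonly maxSize;
+private readonly minSize;
+private readonly resource;
+get nodegroupName(): string;
+constructor(scope: Construct, id: string, props: NodegroupProps);
+/**
+* ARN of the nodegroup
+*
+* @attribute
+*/
+get nodegroupArn(): string;
+private validateUpdateConfig;
+get nodegroupRef(): NodegroupReference;
+}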
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/managed-nodegroup.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/managed-nodegroup.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
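--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/oidc-provider.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/oidc-provider.d.ts
@@ -0,0 +1,84 @@
+import type { Construct } from 'constructs';
+import * as iam from '../../aws-iam';
+import type { RemovalPolicy } from '../../core';
+/**
+* Initialization properties for `OpenIdConnectProvider`.
+*/
+export interface OpenIdConnectProviderProps {
+/**
+* The URL of the identity provider. The URL must begin with https:// and
+* should correspond to the iss claim in the provider's OpenID Connect ID
+* tokens. Per the OIDC standard, path components are allowed but query
+* parameters are not. Typically the URL consists of only a hostname, like
+* https://server.example.org or https://example.com.
+*
+* You can find your OIDC Issuer URL by:
+* aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text
+*/
+readonly url: string;
+/**
+* The removal policy to apply to the OpenID Connect Provider.
+*
+* @default - RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+}
+/**
+* Initialization properties for `OidcProviderNative`.
+*/
+export interface OidcProviderNativeProps extends OpenIdConnectProviderProps {
+}
+/**
+* IAM OIDC identity providers are entities in IAM that describe an external
+* identity provider (IdP) service that supports the OpenID Connect (OIDC)
+* standard, such as Google or Salesforce. You use an IAM OIDC identity provider
+* when you want to establish trust between an OIDC-compatible IdP and your AWS
+* account.
+*
+* This implementation has default values for thumbprints and clientIds props
+* that will be compatible with the eks cluster
+*
+* @see http://openid.net/connect
+* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
+*
+* **For new projects, it is recommended to use `OidcProviderNative` instead which creates the OIDC provider using the native CloudFormation resource (AWS::IAM::OIDCProvider).**
+*
+* @resource AWS::CloudFormation::CustomResource
+*/
+export declare class OpenIdConnectProvider extends iam.OpenIdConnectProvider {
+/** Uniquely identifies this class. */
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* Defines an OpenID Connect provider.
+* @param scope The definition scope
+* @param id Construct ID
+* @param props Initialization properties
+*/
+constructor(scope: Construct, id: string, props: OpenIdConnectProviderProps);
+}
+/**
+* IAM OIDC identity providers are entities in IAM that describe an external
+* identity provider (IdP) service that supports the OpenID Connect (OIDC)
+* standard, such as Google or Salesforce. You use an IAM OIDC identity provider
+* when you want to establish trust between an OIDC-compatible IdP and your AWS
+* account.
+*
+* This implementation uses the native CloudFormation resource and has default
+* values for thumbprints and clientIds props that will be compatible with the eks cluster.
+*
+* @see http://openid.net/connect
+* @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
+*
+* @resource AWS::IAM::OIDCProvider
+*/
+export declare class OidcProviderNative extends iam.OidcProviderNative {
+/** Uniquely identifies this class. */
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+* Defines a native OpenID Connect provider.
+* @param scope The definition scope
+* @param id Construct ID
+* @param props Initialization properties
+*/
+constructor(scope: Construct, id: string, props: OidcProviderNativeProps);
+}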
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/oidc-provider.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/oidc-provider.js
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
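--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/bottlerocket.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/bottlerocket.d.ts
@@ -0,0 +1,26 @@
+import type { Construct } from 'constructs';
+import * as ec2 from '../../../aws-ec2';
+/**
+* Properties for BottleRocketImage
+*/
+export interface BottleRocketImageProps {
+/**
+* The Kubernetes version to use
+*/
+readonly kubernetesVersion: string;
+}
+/**
+* Construct an Bottlerocket image from the latest AMI published in SSM
+*/
+export declare class BottleRocketImage implements ec2.IMachineImage {
+private readonly kubernetesVersion;
+private readonly amiParameterName;
+/**
+* Constructs a new instance of the BottleRocketImage class.
+*/
+constructor(props: BottleRocketImageProps);
+/**
+* Return the correct image
+*/
+getImage(scope: Construct): ec2.MachineImageConfig;
+}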
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/bottlerocket.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/bottlerocket.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.BottleRocketImage=void 0;var ec2=()=>{var tmp=require("../../../aws-ec2");return ec2=()=>tmp,tmp},ssm=()=>{var tmp=require("../../../aws-ssm");return ssm=()=>tmp,tmp};class BottleRocketImage{kubernetesVersion;amiParameterName;constructor(props){this.kubernetesVersion=props.kubernetesVersion,this.amiParameterName=`/aws/service/bottlerocket/aws-k8s-${this.kubernetesVersion}/x86_64/latest/image_id`}getImage(scope){return{imageId:ssm().StringParameter.valueForStringParameter(scope,this.amiParameterName),osType:ec2().OperatingSystemType.LINUX,userData:ec2().UserData.custom("")}}}exports.BottleRocketImage=BottleRocketImage;
|
||||
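--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/nodegroup.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/nodegroup.d.ts
@@ -0,0 +1,6 @@
+import { InstanceType } from '../../../aws-ec2';
+/**
+* This function check if the instanceType is GPU instance.
+* @param instanceType The EC2 instance type
+*/
+export declare function isGpuInstanceType(instanceType: InstanceType): boolean;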
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/nodegroup.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/private/nodegroup.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.isGpuInstanceType=isGpuInstanceType;var aws_ec2_1=()=>{var tmp=require("../../../aws-ec2");return aws_ec2_1=()=>tmp,tmp};function isGpuInstanceType(instanceType){return[aws_ec2_1().InstanceClass.P2,aws_ec2_1().InstanceClass.P3,aws_ec2_1().InstanceClass.P3DN,aws_ec2_1().InstanceClass.P4DE,aws_ec2_1().InstanceClass.P4D,aws_ec2_1().InstanceClass.P5,aws_ec2_1().InstanceClass.P5E,aws_ec2_1().InstanceClass.P5EN,aws_ec2_1().InstanceClass.G3S,aws_ec2_1().InstanceClass.G3,aws_ec2_1().InstanceClass.G4DN,aws_ec2_1().InstanceClass.G4AD,aws_ec2_1().InstanceClass.G5,aws_ec2_1().InstanceClass.G5G,aws_ec2_1().InstanceClass.G6,aws_ec2_1().InstanceClass.G6E,aws_ec2_1().InstanceClass.INF1,aws_ec2_1().InstanceClass.INF2,aws_ec2_1().InstanceClass.TRN1,aws_ec2_1().InstanceClass.TRN1N,aws_ec2_1().InstanceClass.TRN2].some(c=>instanceType.sameInstanceClassAs(aws_ec2_1().InstanceType.of(c,aws_ec2_1().InstanceSize.LARGE)))}
|
||||
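--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/service-account.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/service-account.d.ts
@@ -0,0 +1,140 @@
+import { Construct } from 'constructs';
+import type { ICluster } from './cluster';
+import type { AddToPrincipalPolicyResult, IPrincipal, IRole, PrincipalPolicyFragment } from '../../aws-iam';
+import { PolicyStatement } from '../../aws-iam';
+import type { RemovalPolicy } from '../../core';
+/**
+* Enum representing the different identity types that can be used for a Kubernetes service account.
+*/
+export declare enum IdentityType {
+/**
+* Use the IAM Roles for Service Accounts (IRSA) identity type.
+* IRSA allows you to associate an IAM role with a Kubernetes service account.
+* This provides a way to grant permissions to Kubernetes pods by associating an IAM role with a Kubernetes service account.
+* The IAM role can then be used to provide AWS credentials to the pods, allowing them to access other AWS resources.
+*
+* When enabled, the openIdConnectProvider of the cluster would be created when you create the ServiceAccount.
+*
+* @see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+*/
+IRSA = "IRSA",
+/**
+* Use the EKS Pod Identities identity type.
+* EKS Pod Identities provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles
+* provide credentials to Amazon EC2 instances. Instead of creating and distributing your AWS credentials to the containers or using the
+* Amazon EC2 instance's role, you associate an IAM role with a Kubernetes service account and configure your Pods to use the service account.
+*
+* When enabled, the Pod Identity Agent AddOn of the cluster would be created when you create the ServiceAccount.
+*
+* @see https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html
+*/
+POD_IDENTITY = "POD_IDENTITY"
+}
+/**
+* Options for `ServiceAccount`
+*/
+export interface ServiceAccountOptions {
+/**
+* The name of the service account.
+*
+* The name of a ServiceAccount object must be a valid DNS subdomain name.
+* https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+* @default - If no name is given, it will use the id of the resource.
+*/
+readonly name?: string;
+/**
+* The namespace of the service account.
+*
+* All namespace names must be valid RFC 1123 DNS labels.
+* https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns
+* @default "default"
+*/
+readonly namespace?: string;
+/**
+* Additional annotations of the service account.
+*
+* @default - no additional annotations
+*/
+readonly annotations?: {
+[key: string]: string;
+};
+/**
+* Additional labels of the service account.
+*
+* @default - no additional labels
+*/
+readonly labels?: {
+[key: string]: string;
+};
+/**
+* The identity type to use for the service account.
+* @default IdentityType.IRSA
+*/
+readonly identityType?: IdentityType;
+/**
+* The removal policy applied to the service account resources.
+*
+* The removal policy controls what happens to the resources if they stop being managed by CloudFormation.
+* This can happen in one of three situations:
+*
+* - The resource is removed from the template, so CloudFormation stops managing it
+* - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
+* - The stack is deleted, so CloudFormation stops managing all resources in it
+*
+* @default RemovalPolicy.DESTROY
+*/
+readonly removalPolicy?: RemovalPolicy;
+/**
+* Overwrite existing service account.
+*
+* If this is set, we will use `kubectl apply` instead of `kubectl create`
+* when the service account is created. Otherwise, if there is already a service account
+* in the cluster with the same name, the operation will fail.
+*
+* @default false
+*/
+readonly overwriteServiceAccount?: boolean;
+}
+/**
+* Properties for defining service accounts
+*/
+export interface ServiceAccountProps extends ServiceAccountOptions {
+/**
+* The cluster to apply the patch to.
+*/
+readonly cluster: ICluster;
+}
+/**
+* Service Account
+*/
+export declare class ServiceAccount extends Construct implements IPrincipal {
+/**
+* The role which is linked to the service account.
+*/
+readonly role: IRole;
+readonly assumeRoleAction: string;
+readonly grantPrincipal: IPrincipal;
+readonly policyFragment: PrincipalPolicyFragment;
+/**
+* The name of the service account.
+*/
+readonly serviceAccountName: string;
+/**
+* The namespace where the service account is located in.
+*/
+readonly serviceAccountNamespace: string;
+constructor(scope: Construct, id: string, props: ServiceAccountProps);
+addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult;
+/**
+* If the value is a DNS subdomain name as defined in RFC 1123, from K8s docs.
+*
+* https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
+*/
+private isValidDnsSubdomainName;
+/**
+* If the value follows DNS label standard as defined in RFC 1123, from K8s docs.
+*
+* https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names
+*/
+private isValidDnsLabelName;
+}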
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/service-account.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/service-account.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ServiceAccount=exports.IdentityType=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},index_1=()=>{var tmp=require("./index");return index_1=()=>tmp,tmp},k8s_manifest_1=()=>{var tmp=require("./k8s-manifest");return k8s_manifest_1=()=>tmp,tmp},aws_iam_1=()=>{var tmp=require("../../aws-iam");return aws_iam_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},IdentityType;(function(IdentityType2){IdentityType2.IRSA="IRSA",IdentityType2.POD_IDENTITY="POD_IDENTITY"})(IdentityType||(exports.IdentityType=IdentityType={}));class ServiceAccount extends constructs_1().Construct{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_eks.ServiceAccount",version:"2.252.0"};role;assumeRoleAction;grantPrincipal;policyFragment;serviceAccountName;serviceAccountNamespace;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_ServiceAccountProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,ServiceAccount),error}const{cluster}=props;if(this.serviceAccountName=props.name??core_1().Names.uniqueId(this).toLowerCase(),this.serviceAccountNamespace=props.namespace??"default",!this.isValidDnsSubdomainName(this.serviceAccountName))throw RangeError("The name of a ServiceAccount object must be a valid DNS subdomain name.");if(!this.isValidDnsLabelName(this.serviceAccountNamespace))throw RangeError("All namespace names must be valid RFC 1123 DNS labels.");let principal;if(props.identityType!==IdentityType.POD_IDENTITY){const 
conditions=new(core_1()).CfnJson(this,"ConditionJson",{value:{[`${cluster.openIdConnectProvider.openIdConnectProviderIssuer}:aud`]:"sts.amazonaws.com",[`${cluster.openIdConnectProvider.openIdConnectProviderIssuer}:sub`]:`system:serviceaccount:${this.serviceAccountNamespace}:${this.serviceAccountName}`}});principal=new(aws_iam_1()).OpenIdConnectPrincipal(cluster.openIdConnectProvider).withConditions({StringEquals:conditions})}else{if(cluster instanceof index_1().FargateCluster)throw Error("Pod Identity is not supported in Fargate. Use IRSA identity type instead.");principal=new(aws_iam_1()).ServicePrincipal("pods.eks.amazonaws.com")}const role=new(aws_iam_1()).Role(this,"Role",{assumedBy:principal});props.identityType===IdentityType.POD_IDENTITY&&(role.assumeRolePolicy.addStatements(new(aws_iam_1()).PolicyStatement({actions:["sts:AssumeRole","sts:TagSession"],principals:[new(aws_iam_1()).ServicePrincipal("pods.eks.amazonaws.com")]})),cluster.eksPodIdentityAgent,new(index_1()).CfnPodIdentityAssociation(this,"Association",{clusterName:cluster.clusterName,namespace:props.namespace??"default",roleArn:role.roleArn,serviceAccount:this.serviceAccountName})),this.role=role,this.assumeRoleAction=this.role.assumeRoleAction,this.grantPrincipal=this.role.grantPrincipal,this.policyFragment=this.role.policyFragment,new(k8s_manifest_1()).KubernetesManifest(this,`manifest-${id}ServiceAccountResource`,{cluster,overwrite:props.overwriteServiceAccount,manifest:[{apiVersion:"v1",kind:"ServiceAccount",metadata:{name:this.serviceAccountName,namespace:this.serviceAccountNamespace,labels:{"app.kubernetes.io/name":this.serviceAccountName,...props.labels},annotations:{"eks.amazonaws.com/role-arn":this.role.roleArn,...props.annotations}}}]}),props.removalPolicy&&core_1().RemovalPolicies.of(this).apply(props.removalPolicy)}addToPolicy(statement){return 
this.addToPrincipalPolicy(statement).statementAdded}addToPrincipalPolicy(statement){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_PolicyStatement(statement)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addToPrincipalPolicy),error}return this.role.addToPrincipalPolicy(statement)}isValidDnsSubdomainName(value){return value.length<=253&&/^[a-z0-9]+[a-z0-9-.]*[a-z0-9]+$/.test(value)}isValidDnsLabelName(value){return value.length<=63&&/^[a-z0-9]+[a-z0-9-]*[a-z0-9]+$/.test(value)}}exports.ServiceAccount=ServiceAccount;
|
||||
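--- a/cdk/node_modules/aws-cdk-lib/aws-eks/lib/user-data.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-eks/lib/user-data.d.ts
@@ -0,0 +1,17 @@
+import type { BootstrapOptions, ICluster } from './cluster';
+import type * as autoscaling from '../../aws-autoscaling';
+export declare function renderAmazonLinuxUserData(cluster: ICluster, autoScalingGroup: autoscaling.AutoScalingGroup, options?: BootstrapOptions): string[];
+export declare function renderBottlerocketUserData(cluster: ICluster): string[];
+/**
+* The lifecycle label for node selector
+*/
+export declare enum LifecycleLabel {
+/**
+* on-demand instances
+*/
+ON_DEMAND = "OnDemand",
+/**
+* spot instances
+*/
+SPOT = "Ec2Spot"
+}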
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/user-data.js
generated
vendored
Normal file
1
cdk/node_modules/aws-cdk-lib/aws-eks/lib/user-data.js
generated
vendored
Normal file
@@ -0,0 +1 @@
|
||||
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.LifecycleLabel=void 0,exports.renderAmazonLinuxUserData=renderAmazonLinuxUserData,exports.renderBottlerocketUserData=renderBottlerocketUserData;var core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp};function renderAmazonLinuxUserData(cluster,autoScalingGroup,options={}){const stack=core_1().Stack.of(autoScalingGroup),asgLogicalId=autoScalingGroup.node.defaultChild.logicalId,extraArgs=new Array;try{const clusterEndpoint=cluster.clusterEndpoint,clusterCertificateAuthorityData=cluster.clusterCertificateAuthorityData;extraArgs.push(`--apiserver-endpoint '${clusterEndpoint}'`),extraArgs.push(`--b64-cluster-ca '${clusterCertificateAuthorityData}'`)}catch{}extraArgs.push(`--use-max-pods ${options.useMaxPods??!0}`),options.awsApiRetryAttempts&&extraArgs.push(`--aws-api-retry-attempts ${options.awsApiRetryAttempts}`),options.enableDockerBridge&&extraArgs.push("--enable-docker-bridge true"),options.dockerConfigJson&&extraArgs.push(`--docker-config-json '${options.dockerConfigJson}'`),options.dnsClusterIp&&extraArgs.push(`--dns-cluster-ip ${options.dnsClusterIp}`),options.additionalArgs&&extraArgs.push(options.additionalArgs);const commandLineSuffix=extraArgs.join(" "),kubeletExtraArgsSuffix=options.kubeletExtraArgs||"",lifecycleLabel=autoScalingGroup.spotPrice?LifecycleLabel.SPOT:LifecycleLabel.ON_DEMAND,withTaints=autoScalingGroup.spotPrice?"--register-with-taints=spotInstance=true:PreferNoSchedule":"",kubeletExtraArgs=`--node-labels lifecycle=${lifecycleLabel} ${withTaints} ${kubeletExtraArgsSuffix}`.trim();return["set -o xtrace",`/etc/eks/bootstrap.sh ${cluster.clusterName} --kubelet-extra-args "${kubeletExtraArgs}" ${commandLineSuffix}`.trim(),`/opt/aws/bin/cfn-signal --exit-code $? 
--stack ${stack.stackName} --resource ${asgLogicalId} --region ${stack.region}`]}function renderBottlerocketUserData(cluster){return["[settings.kubernetes]",`api-server="${cluster.clusterEndpoint}"`,`cluster-certificate="${cluster.clusterCertificateAuthorityData}"`,`cluster-name="${cluster.clusterName}"`]}var LifecycleLabel;(function(LifecycleLabel2){LifecycleLabel2.ON_DEMAND="OnDemand",LifecycleLabel2.SPOT="Ec2Spot"})(LifecycleLabel||(exports.LifecycleLabel=LifecycleLabel={}));
|
||||