IAM Access Policies

Review the IAM Access Policies before executing the AWS Initialization script

Registering an IAM User in gopaddle requires different permissions assigned to the IAM user/role. Please find a complete list of fine-grained, region and account specific permissions required based on the capabilities used in gopaddle.

Capability	AWS Services	IAM Permissions
Creating EKS Cluster and managed Nodegroups	VPC	https://gp-cloudformation-roles.s3.amazonaws.com/gp-vpc-policy.json
	Subnet	https://gp-cloudformation-roles.s3.amazonaws.com/gp-subnet-policy.json
	Gateway	https://gp-cloudformation-roles.s3.amazonaws.com/gp-gateway-policy.json
	EKS and Nodegroup	https://gp-cloudformation-roles.s3.amazonaws.com/gp-eks-nodegroup-policy.json
	Instance	https://gp-cloudformation-roles.s3.amazonaws.com/gp-instance-policy.json
	Roles and Security Group	https://gp-cloudformation-roles.s3.amazonaws.com/gp-role-sg-policy.json
	Cloudformation Template	https://gp-cloudformation-roles.s3.amazonaws.com/gp-stack-policy.json
	Cloudwatch	https://gp-cloudformation-roles.s3.amazonaws.com/gp-cloudwatch-policy.json
	Create Application Load Balancer	https://gp-cloudformation-roles.s3.amazonaws.com/gp-alb-policy.json
AWS ECR Registry	ECR	https://gp-cloudformation-roles.s3.amazonaws.com/gp-repository-policy.json
AWS SNS Amazon	SNS	https://gp-cloudformation-roles.s3.amazonaws.com/gp-sns-policy.json

Capability

AWS Services

IAM Permissions

Creating EKS Cluster and managed Nodegroups

VPC

https://gp-cloudformation-roles.s3.amazonaws.com/gp-vpc-policy.json

Subnet

https://gp-cloudformation-roles.s3.amazonaws.com/gp-subnet-policy.json

Gateway

https://gp-cloudformation-roles.s3.amazonaws.com/gp-gateway-policy.json

EKS and Nodegroup

https://gp-cloudformation-roles.s3.amazonaws.com/gp-eks-nodegroup-policy.json