IAM Access Policies

Review the IAM Access Policies before executing the AWS Initialization script

Registering an IAM User in gopaddle requires different permissions assigned to the IAM user/role. Please find a complete list of fine-grained, region and account specific permissions required based on the capabilities used in gopaddle.

Capability	AWS Services	IAM Permissions
Creating EKS Cluster and managed Nodegroups	VPC	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-vpc-policy.json
	Subnet	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-subnet-policy.json
	Gateway	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-gateway-policy.json
	EKS and Nodegroup	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-eks-nodegroup-policy.json
	Instance	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-instance-policy.json
	Roles and Security Group	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-role-sg-policy.json
	Cloudformation Template	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-stack-policy.json
	Cloudwatch	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-cloudwatch-policy.json
	Create Application Load Balancer	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-alb-policy.json
AWS ECR Registry	ECR	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-repository-policy.json
AWS SNS Amazon	SNS	🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-sns-policy.json

Capability

AWS Services

IAM Permissions

Creating EKS Cluster and managed Nodegroups

VPC

🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-vpc-policy.json

Subnet

🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-subnet-policy.json

Gateway

🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-gateway-policy.json

EKS and Nodegroup

🔑 https://gp-cloudformation-roles.s3.amazonaws.com/gp-eks-nodegroup-policy.json