PLAT-2892: Add perms to create service linked role for ASG + bastion …
…eip fix w/ec2 classic (#84)

* Add perms for creating ASG service role

* Ensure bastion EIP is never an EC2-Classic IP
Secretions authored Jan 28, 2022
1 parent 87f8baa commit eaf6ce8
Showing 2 changed files with 3 additions and 0 deletions.
2 changes: 2 additions & 0 deletions cdk/domino_cdk/config/iam.py
@@ -80,6 +80,7 @@ def do_cf():
"iam:CreatePolicy",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:CreateServiceLinkedRole",
"iam:DeleteInstanceProfile",
"iam:DeletePolicy",
"iam:DeletePolicyVersion",
@@ -100,6 +101,7 @@ def do_cf():
f"arn:{partition}:iam::{aws_account_id}:policy/{stack_name}-*",
f"arn:{partition}:iam::{aws_account_id}:role/{stack_name}-*",
f"arn:{partition}:iam::{aws_account_id}:instance-profile/{stack_name}-*",
f"arn:{partition}:iam::{aws_account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling",
],
}

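Review bot: `iam:CreateServiceLinkedRole` and the AWSServiceRoleForAutoScaling ARN are appended to what appear to be the action and resource lists of one existing statement in do_cf(), so the other actions there (the visible `iam:CreateRole`, `iam:DeletePolicy` and so on) would now also be allowed against the service-linked role ARN, and the new action carries no service condition. Consider a dedicated statement holding only `iam:CreateServiceLinkedRole` on that single ARN with `"Condition": {"StringEquals": {"iam:AWSServiceName": "autoscaling.amazonaws.com"}}`, which is the scoping AWS documents for this action. The statement opens and closes outside the visible hunks, so whether a condition block already exists cannot be confirmed from here.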
1 change: 1 addition & 0 deletions cdk/domino_cdk/provisioners/vpc.py
@@ -254,6 +254,7 @@ def provision_bastion(self, name: str, bastion: config.VPC.Bastion) -> Optional[
ec2.CfnEIP(
self.scope,
"bastion_eip",
domain="vpc",
instance_id=bastion_instance.instance_id,
)

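Review bot: The added `domain="vpc"` on the bastion `ec2.CfnEIP` has no comment saying why it is pinned, so a later cleanup could drop it as redundant. A line such as `# Pin to the VPC domain: where EC2-Classic is supported the default is "standard"` above the argument would record the reason given in the commit message. Separately, CloudFormation expects an EIP attached to an instance in a VPC defined in the same template to depend on the VPC gateway attachment; the hunk does not show whether that dependency is declared, so it is worth checking. provision_bastion starts before and continues after the hunk.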
