From 2089e1812b7ceb5c65ae8eb64ff3853550154596 Mon Sep 17 00:00:00 2001
From: Jeeva Kumar <50436466+jeeva-duplo@users.noreply.github.com>
Date: Sun, 23 Jun 2024 23:41:19 +0530
Subject: [PATCH] Updating runner and ml nodes to use scoped permission
---
 terraform/modules/galileo-eks/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/modules/galileo-eks/main.tf b/terraform/modules/galileo-eks/main.tf
index 2c52f8e..e4dbb48 100644
--- a/terraform/modules/galileo-eks/main.tf
+++ b/terraform/modules/galileo-eks/main.tf
@@ -165,7 +165,7 @@ module "eks_galileo" {
 AmazonEKSWorkerNodePolicy = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
 AmazonEC2ContainerRegistryReadOnly = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
 ClusterAutoscaler = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/ClusterAutoscaler_${var.cluster_name}",
- AmazonS3FullAccess = "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+ GalileoS3BucketAccess = aws_iam_policy.galileo_s3_permission.arn,
 AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
 CloudWatchAgentServerPolicy = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy",
 AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
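Review bot: The new `GalileoS3BucketAccess` entry points at `aws_iam_policy.galileo_s3_permission`, whose definition is not part of this patch (the diffstat lists only these two line changes), so the scoping promised in the subject cannot be checked from here; the same applies to the hunk at line 202. Before merging, confirm that the policy's statements list the specific bucket and object ARNs and only the S3 actions the workloads use, not `s3:*` on `*`. A short comment above the entry would help the next reader, e.g. `# Replaces AmazonS3FullAccess; bucket list lives in aws_iam_policy.galileo_s3_permission`. The policy is still attached to the node role, so presumably every pod scheduled on these nodes inherits the same bucket access through the instance profile; if only some workloads need S3, binding the policy to a service account via IRSA would be tighter. The map continues outside the hunk.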
@@ -202,7 +202,7 @@ module "eks_galileo" {
 AmazonEKSWorkerNodePolicy = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
 AmazonEC2ContainerRegistryReadOnly = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
 ClusterAutoscaler = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/ClusterAutoscaler_${var.cluster_name}",
- AmazonS3FullAccess = "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+ GalileoS3BucketAccess = aws_iam_policy.galileo_s3_permission.arn,
 AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
 CloudWatchAgentServerPolicy = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy",
 AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy",
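Review bot: The policy map in this hunk matches the one at line 165 entry for entry in the visible lines, and this commit had to make the same one-line edit in both places. Defining the map once in a `locals` block and referencing it from both node groups would stop the two roles from drifting the next time a permission is tightened, e.g. `node_iam_policies = { ... }` (constructed name) used as `local.node_iam_policies`. The map and the enclosing `module "eks_galileo"` block start and end outside the hunk, so entries not shown here may differ between the two groups.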