Releases: giantswarm/giantswarm-aws-account-prerequisites
v4.2.0
Changed
- Add support for Crossplane usage on the CAPA controller role
- Add ability to import existing IAM resources into Terraform state for the CAPA controller role
Fixed
- Fixed the Terraform file to use the correct GiantSwarm root account for the user that will assume the capa-controller role.
v4.1.0
Added
- Add ec2:ReplaceRoute permissions to the CAPA controller role.
- Add ec2:DescribeDhcpOptions permissions to the CAPA controller role, required by CAPA releases >=v2.4.0.
Added
- For cluster cleanup purposes, add the permissions s3:GetBucketTagging and s3:ListAllMyBuckets in order to scan for buckets owned by a management/workload cluster. Those buckets may not have a fixed name pattern (e.g. the name may include the AWS region or another dynamic string), so searching by the "owned" tag allows us to find and delete all such resources.
- For cluster cleanup purposes, tag all IAM roles and policies with the installation name, so they are easily identifiable during cleanup / teardown.
v4.0.0
Added
- Add iam:ListRoleTags and iam:UntagRole permissions to the AWS operator role.
- CAPA: add new mc-bootstrap policy to capa-controller role.
- Add IAM policy for use with Crossplane AWS provider. The initial permissions are meant to be used with Cilium ENI mode.
- CAPA: add autoscaling:CancelInstanceRefresh permission (needed for AWSMachinePool reconciler improvement).
- Create a CloudFormation stack to manage the IAM policies and roles.
Changed
- Use a setup script to automate CAPA controller commands.
Removed
- Remove vintage setup instructions.
v3.4.0
Changed
- Add S3 permission for CAPA policies in order to run on Flatcar.
- Remove non-existent IAM actions.
Added
- Add s3:PutBucketOwnershipControls to irsa policy. Needed because of this change in irsa-operator.
- Add "ec2:DescribeInstanceTypes" to the CAPA controller policy, as it's required by newest CAPA releases.
- Add EKS permissions for managed node pools, encryption/identity provider configs, CIDR blocks, KMS.
v3.3.0
v3.2.0
Added
- Add SQS permission for NodeTerminationHandler/Karpenter.
- Add Events permissions for NodeTerminationHandler/Karpenter.
- Add ssm:GetParameter for NodeTerminationHandler/Karpenter.
v3.1.0
Added
- Add s3:PutBucketOwnershipControls permissions for GiantSwarmAWSOperator.
v3.0.0
Added
- Extend GiantSwarmAdmin policy to allow EFS service.
- Extend all policies with iam:TagRole to fix missing tags.
- Extend GiantSwarmAdmin policy with permissions for policy view and last access service.
- Add sqs:* permission to admin role.
- Add iam:*OpenIDConnectProvider permissions to support IAM roles for service accounts.
- Add s3:PutObjectAcl for uploading public objects.
- Add ec2:CreateNetworkInterface permission for resolver rules operator.
Changed
- Limit S3 permissions for GiantSwarmAWSOperator.
- Added sns:Publish permission to network-topology-operator policy.
- Update permissions for resolver rules operator.
- Extend IAM permissions for GiantSwarmAdmin to allow rotating secrets.
Removed
- Remove unused service permissions in GiantSwarmAWSOperator.
Fixed
- Updated README with the correct directories.
v2.0.0
release v2.0.0 (#15) Co-authored-by: github-actions <action@github.com> Co-authored-by: Paweł Kopiczko <pawel@giantswarm.io>
v1.0.0
release v1.0.0 (#12) Co-authored-by: github-actions <action@github.com>