Add addon permissions to iam-permissions page #1725

Closed
migueleliasweb opened this issue Dec 21, 2021 · 3 comments
@migueleliasweb

Description

Hi everyone, and Merry Christmas!

I might have stumbled across some missing docs...

The page https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/iam-permissions.md seems to be missing some of the new permissions to manage addons, like eks:CreateAddon, eks:DeleteAddon, eks:DescribeAddon, eks:DescribeAddonVersions and eks:ListAddons.

The full list of permissions/actions can be found here: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html#amazonelastickubernetesservice-actions-as-permissions

If you try to just use the provided permissions from the .md mentioned above and enable addons on your cluster you will get an error message like so when applying:

Error: error reading EKS Add-On (<cluster-name>:kube-proxy): AccessDeniedException: User: arn:aws:sts::123123123123:assumed-role/foobar/<session-name> is not authorized to perform: eks:DescribeAddon on resource: arn:aws:eks:<aws-region>:123123123:/clusters/<cluster-name>/addons/kube-proxy

🎄 🎅
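
An added example, not part of the original issue or the module's own code: a check that reports which of the add-on actions listed above are not covered by any Allow statement in an IAM policy document. The two policies are constructed samples, and the check assumes identity-policy JSON and ignores Deny, NotAction, Resource and Condition.

```python
import re

# Add-on actions named in the issue above.
ADDON_ACTIONS = [
    "eks:CreateAddon",
    "eks:DeleteAddon",
    "eks:DescribeAddon",
    "eks:DescribeAddonVersions",
    "eks:ListAddons",
]

def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _covers(pattern, action):
    """IAM action matching: case-insensitive, '*' is any run, '?' is one char."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def missing_addon_actions(policy, required=ADDON_ACTIONS):
    """Return the required actions that no Allow statement's Action covers."""
    patterns = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            patterns += _as_list(stmt.get("Action"))
    return [a for a in required if not any(_covers(p, a) for p in patterns)]

# Constructed sample: cluster permissions only, with one wildcard.
CLUSTER_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["eks:CreateCluster", "eks:DescribeCluster", "eks:List*"]},
]}

# Constructed sample: same policy plus a statement whose Action is a string.
WITH_ADDONS = {"Version": "2012-10-17", "Statement": CLUSTER_ONLY["Statement"] + [
    {"Effect": "Allow", "Resource": "*", "Action": "EKS:*Addon*"},
]}

if __name__ == "__main__":
    for name, doc in (("CLUSTER_ONLY", CLUSTER_ONLY), ("WITH_ADDONS", WITH_ADDONS)):
        print(name, "missing:", missing_addon_actions(doc))
```

A result of no missing actions only means the action names are allowed somewhere in the policy; an explicit Deny, a narrower Resource or a Condition can still produce the AccessDeniedException shown above.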

@bryantbiggs
Member

Thank you for this @migueleliasweb! While this is great info, we are moving away from providing this level of detail in the module documentation. These details are (as you correctly pointed to) already provided by AWS and they are highly dependent on the various ways users configure their clusters. In the next major release of this module, v18.x, we are removing this IAM permissions document for this reason. But thank you for reporting!

@migueleliasweb
Author

Thanks for the clarification! 👍

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 16, 2022