From 499d96c65f9ee4f39ddf7d839156f5d99d6d2336 Mon Sep 17 00:00:00 2001
From: L Philbrook
Date: Tue, 7 Nov 2023 11:10:04 -0600
Subject: [PATCH] UPDATE cluster autoscaler IAM policy
---
 aws/eks/main.tf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/aws/eks/main.tf b/aws/eks/main.tf
index 9b597b3..ddbab0f 100644
--- a/aws/eks/main.tf
+++ b/aws/eks/main.tf
@@ -266,6 +266,8 @@ data "aws_iam_policy_document" "cluster-autoscaler-trust-relationship" {
 }
 }
+# Recommended Policy
+# https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#full-cluster-autoscaler-features-policy-recommended
 data "aws_iam_policy_document" "cluster-autoscaler" {
 version = "2012-10-17"
@@ -274,10 +276,15 @@ data "aws_iam_policy_document" "cluster-autoscaler" {
 "autoscaling:DescribeAutoScalingGroups",
 "autoscaling:DescribeAutoScalingInstances",
 "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeScalingActivities",
 "autoscaling:DescribeTags",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeLaunchTemplateVersions",
 "autoscaling:SetDesiredCapacity",
 "autoscaling:TerminateInstanceInAutoScalingGroup",
- "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeImages",
+ "ec2:GetInstanceTypesFromInstanceRequirements",
+ "eks:DescribeNodegroup"
 ]
 effect = "Allow"
 resources = ["*"]
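Review bot: The two mutating actions, `autoscaling:SetDesiredCapacity` and `autoscaling:TerminateInstanceInAutoScalingGroup`, stay in the same statement as the new read-only Describe/Get actions with `resources = ["*"]`, so the autoscaler role can resize or terminate instances in every Auto Scaling group in the account, not only this cluster's. The upstream README that the new comment links to, as far as I recall, keeps them in a separate statement and advises restricting it by ASG ARN or by a tag condition; I would move them into their own `statement` scoped that way, as sketched below. The tag key in the sketch assumes the node groups carry the autoscaler's auto-discovery tag, which this diff does not show, and the statement itself opens above the hunk. Minor: `"eks:DescribeNodegroup"` is the only list entry without a trailing comma.

```hcl
  # … unchanged: existing statement keeps only the read-only Describe*/Get* actions on "*" …

  statement {
    actions = [
      "autoscaling:SetDesiredCapacity",
      "autoscaling:TerminateInstanceInAutoScalingGroup",
    ]
    effect    = "Allow"
    resources = ["*"]

    # Limit write access to groups tagged for this autoscaler.
    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/k8s.io/cluster-autoscaler/enabled"
      values   = ["true"]
    }
  }
```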