Attach EKS auto policies for Auto cluster only (#574)

aws · Jan 30, 2025 · b5a9e87 · b5a9e87
1 parent 7b3bbf0
commit b5a9e87
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 20 deletions.
diff --git a/internal/deployers/eksapi/infra.go b/internal/deployers/eksapi/infra.go
@@ -128,6 +128,10 @@ func (m *InfrastructureManager) createInfrastructureStack(opts *deployerOptions)
 				ParameterKey:   aws.String("Subnet02AZ"),
 				ParameterValue: aws.String(subnetAzs[1]),
 			},
+			{
+				ParameterKey:   aws.String("AutoMode"),
+				ParameterValue: aws.String(fmt.Sprintf("%t", opts.AutoMode)),
+			},
 		},
 	}
 	if opts.ClusterRoleServicePrincipal != "" {

diff --git a/internal/deployers/eksapi/templates/infra.yaml b/internal/deployers/eksapi/templates/infra.yaml
@@ -42,6 +42,13 @@ Parameters:
   Subnet02AZ:
     Type: String
 
+  AutoMode:
+    Type: String
+    AllowedValues:
+      - "true"
+      - "false"
+    Default: "false"
+
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -61,6 +68,8 @@ Conditions:
         - ""
         - !Ref AdditionalClusterRoleServicePrincipal
 
+  IsAutoMode: !Equals [!Ref AutoMode, "true"]
+
 Resources:
   #
   # Public VPC
@@ -415,26 +424,38 @@ Resources:
           - - "arn:"
             - !Ref "AWS::Partition"
             - ":iam::aws:policy/AmazonEKSClusterPolicy"
-        - !Join
-          - ""
-          - - "arn:"
-            - !Ref "AWS::Partition"
-            - ":iam::aws:policy/AmazonEKSBlockStoragePolicy"
-        - !Join
-          - ""
-          - - "arn:"
-            - !Ref "AWS::Partition"
-            - ":iam::aws:policy/AmazonEKSComputePolicy"
-        - !Join
-          - ""
-          - - "arn:"
-            - !Ref "AWS::Partition"
-            - ":iam::aws:policy/AmazonEKSLoadBalancingPolicy"
-        - !Join
-          - ""
-          - - "arn:"
-            - !Ref "AWS::Partition"
-            - ":iam::aws:policy/AmazonEKSNetworkingPolicy"
+        - !If
+          - IsAutoMode
+          - !Join
+            - ""
+            - - "arn:"
+              - !Ref "AWS::Partition"
+              - ":iam::aws:policy/AmazonEKSBlockStoragePolicy"
+          - !Ref "AWS::NoValue"
+        - !If
+          - IsAutoMode
+          - !Join
+            - ""
+            - - "arn:"
+              - !Ref "AWS::Partition"
+              - ":iam::aws:policy/AmazonEKSComputePolicy"
+          - !Ref "AWS::NoValue"
+        - !If
+          - IsAutoMode
+          - !Join
+            - ""
+            - - "arn:"
+              - !Ref "AWS::Partition"
+              - ":iam::aws:policy/AmazonEKSLoadBalancingPolicy"
+          - !Ref "AWS::NoValue"
+        - !If
+          - IsAutoMode
+          - !Join
+            - ""
+            - - "arn:"
+              - !Ref "AWS::Partition"
+              - ":iam::aws:policy/AmazonEKSNetworkingPolicy"
+          - !Ref "AWS::NoValue"
 
   NodeRole:
     Type: AWS::IAM::Role