Skip to content

Commit b3a6d9a

Browse files
nvenk67nvenk67
authored
Merge pull request #1 from stacksimplify/master
la
2 parents a3928ad + b3e0333 commit b3a6d9a

File tree

114 files changed

+6357
-72
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

114 files changed

+6357
-72
lines changed

08-NEW-ELB-Application-LoadBalancers/08-01-Load-Balancer-Controller-Install/README.md

+530
Large diffs are not rendered by default.

08-NEW-ELB-Application-LoadBalancers/08-01-Load-Balancer-Controller-Install/iam_policy_latest.json

+219
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,219 @@
1+
{
2+
"Version": "2012-10-17",
3+
"Statement": [
4+
{
5+
"Effect": "Allow",
6+
"Action": [
7+
"iam:CreateServiceLinkedRole"
8+
],
9+
"Resource": "*",
10+
"Condition": {
11+
"StringEquals": {
12+
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
13+
}
14+
}
15+
},
16+
{
17+
"Effect": "Allow",
18+
"Action": [
19+
"ec2:DescribeAccountAttributes",
20+
"ec2:DescribeAddresses",
21+
"ec2:DescribeAvailabilityZones",
22+
"ec2:DescribeInternetGateways",
23+
"ec2:DescribeVpcs",
24+
"ec2:DescribeVpcPeeringConnections",
25+
"ec2:DescribeSubnets",
26+
"ec2:DescribeSecurityGroups",
27+
"ec2:DescribeInstances",
28+
"ec2:DescribeNetworkInterfaces",
29+
"ec2:DescribeTags",
30+
"ec2:GetCoipPoolUsage",
31+
"ec2:DescribeCoipPools",
32+
"elasticloadbalancing:DescribeLoadBalancers",
33+
"elasticloadbalancing:DescribeLoadBalancerAttributes",
34+
"elasticloadbalancing:DescribeListeners",
35+
"elasticloadbalancing:DescribeListenerCertificates",
36+
"elasticloadbalancing:DescribeSSLPolicies",
37+
"elasticloadbalancing:DescribeRules",
38+
"elasticloadbalancing:DescribeTargetGroups",
39+
"elasticloadbalancing:DescribeTargetGroupAttributes",
40+
"elasticloadbalancing:DescribeTargetHealth",
41+
"elasticloadbalancing:DescribeTags"
42+
],
43+
"Resource": "*"
44+
},
45+
{
46+
"Effect": "Allow",
47+
"Action": [
48+
"cognito-idp:DescribeUserPoolClient",
49+
"acm:ListCertificates",
50+
"acm:DescribeCertificate",
51+
"iam:ListServerCertificates",
52+
"iam:GetServerCertificate",
53+
"waf-regional:GetWebACL",
54+
"waf-regional:GetWebACLForResource",
55+
"waf-regional:AssociateWebACL",
56+
"waf-regional:DisassociateWebACL",
57+
"wafv2:GetWebACL",
58+
"wafv2:GetWebACLForResource",
59+
"wafv2:AssociateWebACL",
60+
"wafv2:DisassociateWebACL",
61+
"shield:GetSubscriptionState",
62+
"shield:DescribeProtection",
63+
"shield:CreateProtection",
64+
"shield:DeleteProtection"
65+
],
66+
"Resource": "*"
67+
},
68+
{
69+
"Effect": "Allow",
70+
"Action": [
71+
"ec2:AuthorizeSecurityGroupIngress",
72+
"ec2:RevokeSecurityGroupIngress"
73+
],
74+
"Resource": "*"
75+
},
76+
{
77+
"Effect": "Allow",
78+
"Action": [
79+
"ec2:CreateSecurityGroup"
80+
],
81+
"Resource": "*"
82+
},
83+
{
84+
"Effect": "Allow",
85+
"Action": [
86+
"ec2:CreateTags"
87+
],
88+
"Resource": "arn:aws:ec2:*:*:security-group/*",
89+
"Condition": {
90+
"StringEquals": {
91+
"ec2:CreateAction": "CreateSecurityGroup"
92+
},
93+
"Null": {
94+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
95+
}
96+
}
97+
},
98+
{
99+
"Effect": "Allow",
100+
"Action": [
101+
"ec2:CreateTags",
102+
"ec2:DeleteTags"
103+
],
104+
"Resource": "arn:aws:ec2:*:*:security-group/*",
105+
"Condition": {
106+
"Null": {
107+
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
108+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
109+
}
110+
}
111+
},
112+
{
113+
"Effect": "Allow",
114+
"Action": [
115+
"ec2:AuthorizeSecurityGroupIngress",
116+
"ec2:RevokeSecurityGroupIngress",
117+
"ec2:DeleteSecurityGroup"
118+
],
119+
"Resource": "*",
120+
"Condition": {
121+
"Null": {
122+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
123+
}
124+
}
125+
},
126+
{
127+
"Effect": "Allow",
128+
"Action": [
129+
"elasticloadbalancing:CreateLoadBalancer",
130+
"elasticloadbalancing:CreateTargetGroup"
131+
],
132+
"Resource": "*",
133+
"Condition": {
134+
"Null": {
135+
"aws:RequestTag/elbv2.k8s.aws/cluster": "false"
136+
}
137+
}
138+
},
139+
{
140+
"Effect": "Allow",
141+
"Action": [
142+
"elasticloadbalancing:CreateListener",
143+
"elasticloadbalancing:DeleteListener",
144+
"elasticloadbalancing:CreateRule",
145+
"elasticloadbalancing:DeleteRule"
146+
],
147+
"Resource": "*"
148+
},
149+
{
150+
"Effect": "Allow",
151+
"Action": [
152+
"elasticloadbalancing:AddTags",
153+
"elasticloadbalancing:RemoveTags"
154+
],
155+
"Resource": [
156+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
157+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
158+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
159+
],
160+
"Condition": {
161+
"Null": {
162+
"aws:RequestTag/elbv2.k8s.aws/cluster": "true",
163+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
164+
}
165+
}
166+
},
167+
{
168+
"Effect": "Allow",
169+
"Action": [
170+
"elasticloadbalancing:AddTags",
171+
"elasticloadbalancing:RemoveTags"
172+
],
173+
"Resource": [
174+
"arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*",
175+
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
176+
"arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*",
177+
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
178+
]
179+
},
180+
{
181+
"Effect": "Allow",
182+
"Action": [
183+
"elasticloadbalancing:ModifyLoadBalancerAttributes",
184+
"elasticloadbalancing:SetIpAddressType",
185+
"elasticloadbalancing:SetSecurityGroups",
186+
"elasticloadbalancing:SetSubnets",
187+
"elasticloadbalancing:DeleteLoadBalancer",
188+
"elasticloadbalancing:ModifyTargetGroup",
189+
"elasticloadbalancing:ModifyTargetGroupAttributes",
190+
"elasticloadbalancing:DeleteTargetGroup"
191+
],
192+
"Resource": "*",
193+
"Condition": {
194+
"Null": {
195+
"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
196+
}
197+
}
198+
},
199+
{
200+
"Effect": "Allow",
201+
"Action": [
202+
"elasticloadbalancing:RegisterTargets",
203+
"elasticloadbalancing:DeregisterTargets"
204+
],
205+
"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
206+
},
207+
{
208+
"Effect": "Allow",
209+
"Action": [
210+
"elasticloadbalancing:SetWebAcl",
211+
"elasticloadbalancing:ModifyListener",
212+
"elasticloadbalancing:AddListenerCertificates",
213+
"elasticloadbalancing:RemoveListenerCertificates",
214+
"elasticloadbalancing:ModifyRule"
215+
],
216+
"Resource": "*"
217+
}
218+
]
219+
}

0 commit comments

Comments
 (0)