# region: us-west-2
# accountId: "471112582304"
# create: true
# podIdentityPolicyCreate: false
# podIdentityRole:
# description: "Test"
# # Set only one of the two: managedPolicies or policyRefs.
# # If a policy is created, it is automatically added to managedPolicies or policyRefs.
# managedPolicies:
# - "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess"
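# # NOTE(review): placeholder only. "Admin" does not look like an AWS managed policy name (the administrator policy is AdministratorAccess).
# # An administrator-level policy on a pod identity role would hand that access to every associated service account; attach narrowly scoped policies instead.
# - "arn:aws:iam::aws:policy/Admin"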
# policyRefs:
# - name: "custom-policy-1"
# namespace: kube-system
# - name: "AmazonSSMReadOnlyAccess"
# namespace: kube-system
# podIdentityAssociation:
# clusterName: control-plane
# namespace: default
# serviceAccounts:
# - serviceAccount1
# - serviceAccount2
# podIdentityPolicy:
# description: "Test"
# policies:
# - resourceType: ssm
# resourceName: "*"
# actions:
# - "ssm:DescribeParameters"
# - resourceType: ssm
# resourceName: parameter/*
# actions:
# - "ssm:GetParameter"
# - "ssm:GetParameters"
# - resourceType: secretsmanager
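# # NOTE(review): secret:* presumably matches every secret in the configured account and region; narrow it to a name prefix outside of examples.
# resourceName: secret:*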
# actions:
# - "secretsmanager:GetResourcePolicy"
# - "secretsmanager:GetSecretValue"
# - "secretsmanager:DescribeSecret"
# - "secretsmanager:ListSecretVersionIds"
# - "secretsmanager:CreateSecret"
# - "secretsmanager:PutSecretValue"
# - "secretsmanager:TagResource"
# - resourceType: secretsmanager
# resourceName: secret:*
# actions:
# - "secretsmanager:DeleteSecret"
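# # NOTE(review): this tag condition only limits DeleteSecret if tagging is limited too; the statement above grants secretsmanager:TagResource on secret:* with no condition.
# conditions: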
# - test: "StringEquals"
# variable: "secretsmanager:ResourceTag/managed-by"
# values:
# - "external-secrets"
# - resourceType: kms
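# # NOTE(review): "key/*" presumably allows kms:Decrypt with every KMS key in the configured account and region; list the specific key IDs the workload needs.
# resourceName: "key/*"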
# actions:
# - "kms:Decrypt"
# - resourceType: ecr
# resourceName: "*"
# actions:
# - "ecr:GetAuthorizationToken"