in spark-on-eks/source/lib/cdk_infra/iam_roles.py [0:0]
def __init__(self,scope: core.Construct, id:str, cluster_name:str, **kwargs,) -> None:
    """Create the IAM roles the EKS cluster needs.

    Two roles are defined here: an EKS admin role trusted by the account
    root principal, and the EC2 instance role for the managed node group.

    Args:
        scope: Parent construct.
        id: Construct id.
        cluster_name: Used to build the tag key on the admin role and the
            physical name of the node instance role.
        **kwargs: Forwarded unchanged to the parent constructor.
    """
    super().__init__(scope, id, **kwargs)
    # EKS admin role
    # Trusting the account root means any IAM principal in this account whose
    # own policy allows sts:AssumeRole on this role can assume it; the trust
    # policy itself does not restrict which user/role that is.
    self._clusterAdminRole = iam.Role(self, 'clusterAdmin',
        assumed_by= iam.AccountRootPrincipal()
    )
    # Read/describe permissions on every resource in the account.
    # NOTE(review): ssm:GetParameter on "*" lets this role read any SSM
    # parameter in the account, not only the ones this stack creates;
    # scoping resources to the parameter ARNs the cluster actually uses
    # would narrow the blast radius without changing normal operation.
    self._clusterAdminRole.add_to_policy(iam.PolicyStatement(
        resources=["*"],
        actions=[
            "eks:Describe*",
            "eks:List*",
            "eks:AccessKubernetesApi",
            "ssm:GetParameter",
            "iam:ListRoles"
        ],
    ))
    # Tag the role as this cluster's admin role; presumably consumed
    # elsewhere to look the role up by tag — verify against callers.
    core.Tags.of(self._clusterAdminRole).add(
        key='eks/%s/type' % cluster_name,
        value='admin-role'
    )
    # Managed Node Group Instance Role
    # AWS-managed policies attached to the worker node instance role. Because
    # these ride on the instance profile, every pod on the node can reach
    # these permissions unless pod-level identity (IRSA) and IMDS hardening
    # are in place; AmazonEKS_CNI_Policy in particular is one AWS recommends
    # moving to the aws-node service account — TODO confirm for this stack.
    _managed_node_managed_policies = (
        iam.ManagedPolicy.from_aws_managed_policy_name('AmazonEKSWorkerNodePolicy'),
        iam.ManagedPolicy.from_aws_managed_policy_name('AmazonEKS_CNI_Policy'),
        iam.ManagedPolicy.from_aws_managed_policy_name('AmazonEC2ContainerRegistryReadOnly'),
        iam.ManagedPolicy.from_aws_managed_policy_name('CloudWatchAgentServerPolicy'),
    )
    # Explicit role_name: IAM role names are unique per account, so two
    # stacks deployed with the same cluster_name in one account will collide
    # on '<cluster_name>-NodeInstanceRole'.
    self._managed_node_role = iam.Role(self,'NodeInstance-Role',
        role_name= cluster_name + '-NodeInstanceRole',
        path='/',
        assumed_by=iam.ServicePrincipal('ec2.amazonaws.com'),
        managed_policies=list(_managed_node_managed_policies),
    )