irsa-operator

Attach AWS predefined policy to role

Open uanid opened this issue 4 years ago • 0 comments

An AWS IAM role allows attaching a predefined policy ARN to the role. I suggest making a feature to attach a predefined policy to the IRSA role.

Proposal

Before

apiVersion: irsa.voodoo.io/v1alpha1
kind: IamRoleServiceAccount
metadata:
  name: sample-sa
spec:
  policy:
    statement:
      - action:
          - s3:ListBucket
        resource: arn:aws:s3:::example_bucket

After

apiVersion: irsa.voodoo.io/v1alpha1
kind: IamRoleServiceAccount
metadata:
  name: sample-sa
spec:
  policy:
    preDefinedArns:
    - arn:aws:iam::123456789012:policy/ManageCredentialsPermissions
    - arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
    statement:
      - action:
          - s3:ListBucket
        resource: arn:aws:s3:::example_bucket

uanid, Sep 14 '21 12:09
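With the proposed field, whoever can create an IamRoleServiceAccount can name the managed policies attached to the role, so the list is worth validating before any attach call. The following is an added example, not code from irsa-operator or from the issue author: `CheckPreDefinedArns`, its `allowedAccounts` parameter and the deny list are hypothetical, and the sample input is constructed from the ARNs in the proposal.

```go
package main

import (
	"fmt"
	"regexp"
)

// arn:<partition>:iam::<12-digit account or "aws">:policy/<optional path/><name>
var policyARN = regexp.MustCompile(`^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}|aws):policy/([\w+=,.@-]+/)*[\w+=,.@-]+$`)

// Assumed deny list: broad AWS-managed policies a cluster admin may refuse to attach.
var denied = map[string]bool{
	"arn:aws:iam::aws:policy/AdministratorAccess": true,
	"arn:aws:iam::aws:policy/IAMFullAccess":       true,
}

// CheckPreDefinedArns (hypothetical helper) returns one error per rejected entry of the
// proposed spec.policy.preDefinedArns list; "aws" in allowedAccounts admits AWS-managed policies.
func CheckPreDefinedArns(arns []string, allowedAccounts map[string]bool) []error {
	var errs []error
	seen := map[string]bool{}
	for i, a := range arns {
		m := policyARN.FindStringSubmatch(a)
		switch {
		case m == nil:
			errs = append(errs, fmt.Errorf("preDefinedArns[%d]: %q is not a managed-policy ARN", i, a))
		case !allowedAccounts[m[2]]:
			errs = append(errs, fmt.Errorf("preDefinedArns[%d]: account %q is not allowed", i, m[2]))
		case denied[a]:
			errs = append(errs, fmt.Errorf("preDefinedArns[%d]: %q is on the deny list", i, a))
		case seen[a]:
			errs = append(errs, fmt.Errorf("preDefinedArns[%d]: duplicate of an earlier entry", i))
		}
		seen[a] = true
	}
	return errs
}

func main() {
	// Constructed input: the two ARNs from the proposal plus one entry that must fail.
	arns := []string{
		"arn:aws:iam::123456789012:policy/ManageCredentialsPermissions",
		"arn:aws:iam::123456789012:policy/UsersManageOwnCredentials",
		"arn:aws:iam::aws:policy/AdministratorAccess",
	}
	for _, err := range CheckPreDefinedArns(arns, map[string]bool{"123456789012": true, "aws": true}) {
		fmt.Println(err)
	}
}
```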