Skip to content

Commit

Permalink
ci: Enable control plane logging for e2e tests (aws#4846)
Browse files Browse the repository at this point in the history
  • Loading branch information
jonathan-innis authored and johngmyers committed May 31, 2024
1 parent 5311260 commit 0e78ed5
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 8 deletions.
6 changes: 4 additions & 2 deletions .github/actions/e2e/create-cluster/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,10 @@ runs:
- key: CriticalAddonsOnly
value: "true"
effect: NoSchedule
cloudWatch:
clusterLogging:
enableTypes: ["*"]
logRetentionInDays: 30
iam:
serviceRolePermissionsBoundary: "arn:aws:iam::${{ inputs.account_id }}:policy/GithubActionsPermissionsBoundary"
serviceAccounts:
Expand Down Expand Up @@ -152,8 +156,6 @@ runs:
# We need to call these update iamserviceaccount commands again since the "eksctl upgrade cluster" action
# doesn't handle updates to IAM serviceaccounts correctly when the roles assigned to them change
eksctl update iamserviceaccount -f clusterconfig.yaml --approve
- name: tag oidc provider of the cluster
if: always()
shell: bash
Expand Down
12 changes: 6 additions & 6 deletions test/cloudformation/iam_cloudformation.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -148,8 +148,7 @@ Resources:
- eks:ListFargateProfiles
- eks:TagResource
- eks:DescribeCluster
Resource:
- !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:cluster/*"
Resource: !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:cluster/*"
Condition:
StringEquals:
aws:RequestedRegion:
Expand All @@ -169,16 +168,17 @@ Resources:
- eks:DeleteNodegroup
- eks:DescribeNodegroup
- eks:TagResource
Resource:
- !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:nodegroup/*"
Resource: !Sub "arn:${AWS::Partition}:eks:*:${AWS::AccountId}:nodegroup/*"
Condition:
StringEquals:
aws:RequestedRegion:
Ref: Regions
- Effect: Allow
Action: logs:PutRetentionPolicy
Resource: !Sub "arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/eks/*"
- Effect: Allow
Action: fis:CreateExperimentTemplate
Resource:
- !Sub "arn:${AWS::Partition}:fis:*:${AWS::AccountId}:action/*"
Resource: !Sub "arn:${AWS::Partition}:fis:*:${AWS::AccountId}:action/*"
Condition:
StringEquals:
aws:RequestedRegion:
Expand Down

0 comments on commit 0e78ed5

Please sign in to comment.