diff --git a/pkg/apis/eksctl.io/v1alpha5/assets/schema.json b/pkg/apis/eksctl.io/v1alpha5/assets/schema.json
index 5bad31ad0a..53fde01111 100755
--- a/pkg/apis/eksctl.io/v1alpha5/assets/schema.json
+++ b/pkg/apis/eksctl.io/v1alpha5/assets/schema.json
@@ -2434,6 +2434,9 @@
"description": "enables IAM policy for cluster-autoscaler",
"x-intellij-html-description": "enables IAM policy for cluster-autoscaler"
},
+ "awsGlobalAccelerator": {
+ "type": "boolean"
+ },
"awsLoadBalancerController": {
"type": "boolean"
},
@@ -2483,7 +2486,8 @@
"awsLoadBalancerController",
"albIngress",
"xRay",
- "cloudWatch"
+ "cloudWatch",
+ "awsGlobalAccelerator"
],
"additionalProperties": false,
"description": "holds all IAM addon policies",
@@ -3152,6 +3156,12 @@
"x-intellij-html-description": "adds policies for cluster-autoscaler. See autoscaler AWS docs.",
"default": "false"
},
+ "awsGlobalAccelerator": {
+ "type": "boolean",
+ "description": "adds policies for using the Amazon Global Accelerator. See [IAM Policy for AWS Global Accelerator Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/install/aga_controller_iam_policy/).",
+ "x-intellij-html-description": "adds policies for using the Amazon Global Accelerator. See IAM Policy for AWS Global Accelerator Controller.",
+ "default": "false"
+ },
"awsLoadBalancerController": {
"type": "boolean",
"description": "adds policies for using the aws-load-balancer-controller. See [Load Balancer docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html).",
@@ -3196,7 +3206,8 @@
"externalDNS",
"certManager",
"ebsCSIController",
- "efsCSIController"
+ "efsCSIController",
+ "awsGlobalAccelerator"
],
"additionalProperties": false,
"description": "for attaching common IAM policies",
diff --git a/pkg/apis/eksctl.io/v1alpha5/types.go b/pkg/apis/eksctl.io/v1alpha5/types.go
index 95b46517c7..ad66a1b796 100644
--- a/pkg/apis/eksctl.io/v1alpha5/types.go
+++ b/pkg/apis/eksctl.io/v1alpha5/types.go
@@ -1290,6 +1290,7 @@ func NewNodeGroup() *NodeGroup {
DeprecatedALBIngress: Disabled(),
XRay: Disabled(),
CloudWatch: Disabled(),
+ AWSGlobalAccelerator: Disabled(),
},
},
ScalingConfig: &ScalingConfig{},
@@ -1340,6 +1341,7 @@ func NewManagedNodeGroup() *ManagedNodeGroup {
DeprecatedALBIngress: Disabled(),
XRay: Disabled(),
CloudWatch: Disabled(),
+ AWSGlobalAccelerator: Disabled(),
},
},
ScalingConfig: &ScalingConfig{},
@@ -1565,6 +1567,8 @@ type (
XRay *bool `json:"xRay"`
// +optional
CloudWatch *bool `json:"cloudWatch"`
+ // +optional
+ AWSGlobalAccelerator *bool `json:"awsGlobalAccelerator"`
}
// NodeGroupSSH holds all the ssh access configuration to a NodeGroup
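Review bot: The new `AWSGlobalAccelerator` field has only `// +optional` above it, so the schema entry generated for it in schema.json is a bare `"type": "boolean"` with no description, unlike `autoScaler` a few lines earlier in that file. Add a doc line above the marker, for example `// AWSGlobalAccelerator enables IAM policy for the AWS Global Accelerator controller`, and regenerate the schema. The enclosing type declaration starts outside this hunk.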
diff --git a/pkg/apis/eksctl.io/v1alpha5/validation.go b/pkg/apis/eksctl.io/v1alpha5/validation.go
index b6cf69653f..73a92e5e5d 100644
--- a/pkg/apis/eksctl.io/v1alpha5/validation.go
+++ b/pkg/apis/eksctl.io/v1alpha5/validation.go
@@ -1215,6 +1215,9 @@ func validateNodeGroupIAMWithAddonPolicies(
if IsEnabled(policies.CloudWatch) {
return fmtFieldConflictErr(prefix + "cloudWatch")
}
+ if IsEnabled(policies.AWSGlobalAccelerator) {
+ return fmtFieldConflictErr(prefix + "awsGlobalAccelerator")
+ }
return nil
}
diff --git a/pkg/apis/eksctl.io/v1alpha5/well_known_iam_policy.go b/pkg/apis/eksctl.io/v1alpha5/well_known_iam_policy.go
index 0976c63bc6..58aeb1c290 100644
--- a/pkg/apis/eksctl.io/v1alpha5/well_known_iam_policy.go
+++ b/pkg/apis/eksctl.io/v1alpha5/well_known_iam_policy.go
@@ -32,10 +32,14 @@ type WellKnownPolicies struct {
// efs-csi-controller. See [aws-efs-csi-driver
// docs](https://aws.amazon.com/blogs/containers/introducing-efs-csi-dynamic-provisioning).
EFSCSIController bool `json:"efsCSIController,inline"`
+ // AWSGlobalAccelerator adds policies for using the
+ // Amazon Global Accelerator. See [IAM Policy for
+ // AWS Global Accelerator Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/install/aga_controller_iam_policy/).
+ AWSGlobalAccelerator bool `json:"awsGlobalAccelerator,inline"`
}
func (p *WellKnownPolicies) HasPolicy() bool {
- return p.ImageBuilder || p.AutoScaler || p.AWSLoadBalancerController || p.ExternalDNS || p.CertManager || p.EBSCSIController || p.EFSCSIController
+ return p.ImageBuilder || p.AutoScaler || p.AWSLoadBalancerController || p.ExternalDNS || p.CertManager || p.EBSCSIController || p.EFSCSIController || p.AWSGlobalAccelerator
}
func (p *WellKnownPolicies) String() string { return "" }
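Review bot: The doc comment on `AWSGlobalAccelerator` calls the service "Amazon Global Accelerator", while the link title in the same comment and the field name both say AWS Global Accelerator. The same wording appears verbatim as the schema description, so the inconsistency is user-visible. I would write `// AWSGlobalAccelerator adds policies for the AWS Global Accelerator controller.` and keep the link as is. The struct begins outside this hunk.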
diff --git a/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go b/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go
index 18bee64b01..b9bbf44dab 100644
--- a/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go
+++ b/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go
@@ -2072,6 +2072,11 @@ func (in *NodeGroupIAMAddonPolicies) DeepCopyInto(out *NodeGroupIAMAddonPolicies
*out = new(bool)
**out = **in
}
+ if in.AWSGlobalAccelerator != nil {
+ in, out := &in.AWSGlobalAccelerator, &out.AWSGlobalAccelerator
+ *out = new(bool)
+ **out = **in
+ }
return
}
diff --git a/pkg/awsapi/autoscaling.go b/pkg/awsapi/autoscaling.go
index 846b71754f..59eb0f5403 100644
--- a/pkg/awsapi/autoscaling.go
+++ b/pkg/awsapi/autoscaling.go
@@ -926,4 +926,3 @@ type ASG interface {
// [PutScalingPolicy]: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PutScalingPolicy.html
UpdateAutoScalingGroup(ctx context.Context, params *autoscaling.UpdateAutoScalingGroupInput, optFns ...func(*Options)) (*autoscaling.UpdateAutoScalingGroupOutput, error)
}
-
diff --git a/pkg/awsapi/cloudwatchlogs.go b/pkg/awsapi/cloudwatchlogs.go
index d9baaab20d..bd49f7cbd2 100644
--- a/pkg/awsapi/cloudwatchlogs.go
+++ b/pkg/awsapi/cloudwatchlogs.go
@@ -1888,4 +1888,3 @@ type CloudWatchLogs interface {
// destinations.
UpdateScheduledQuery(ctx context.Context, params *cloudwatchlogs.UpdateScheduledQueryInput, optFns ...func(*Options)) (*cloudwatchlogs.UpdateScheduledQueryOutput, error)
}
-
diff --git a/pkg/awsapi/ec2.go b/pkg/awsapi/ec2.go
index d712418275..95807ac99e 100644
--- a/pkg/awsapi/ec2.go
+++ b/pkg/awsapi/ec2.go
@@ -6458,4 +6458,3 @@ type EC2 interface {
// routing to Amazon Web Services because of BGP propagation delays.
WithdrawByoipCidr(ctx context.Context, params *ec2.WithdrawByoipCidrInput, optFns ...func(*Options)) (*ec2.WithdrawByoipCidrOutput, error)
}
-
diff --git a/pkg/awsapi/eks.go b/pkg/awsapi/eks.go
index 2274e354e7..4e8eb8bff9 100644
--- a/pkg/awsapi/eks.go
+++ b/pkg/awsapi/eks.go
@@ -573,4 +573,3 @@ type EKS interface {
// Amazon Web Services account.
UpdatePodIdentityAssociation(ctx context.Context, params *eks.UpdatePodIdentityAssociationInput, optFns ...func(*Options)) (*eks.UpdatePodIdentityAssociationOutput, error)
}
-
diff --git a/pkg/cfn/builder/iam_helper.go b/pkg/cfn/builder/iam_helper.go
index 9c9576d737..a9188e8a96 100644
--- a/pkg/cfn/builder/iam_helper.go
+++ b/pkg/cfn/builder/iam_helper.go
@@ -74,6 +74,11 @@ func createWellKnownPolicies(wellKnownPolicies api.WellKnownPolicies) ([]managed
customPolicyForRole{Name: "PolicyEFSCSIController", Statements: efsCSIControllerStatements()},
)
}
+ if wellKnownPolicies.AWSGlobalAccelerator {
+ customPolicies = append(customPolicies,
+ customPolicyForRole{Name: "PolicyAWSGlobalAccelerator", Statements: globalAcceleratorStatements()},
+ )
+ }
return managedPolicies, customPolicies
}
@@ -143,6 +148,10 @@ func createRole(cfnTemplate cfnTemplate, clusterIAMConfig *api.ClusterIAM, iamCo
cfnTemplate.attachAllowPolicy("PolicyXRay", refIR, xRayStatements())
}
+ if api.IsEnabled(iamConfig.WithAddonPolicies.AWSGlobalAccelerator) {
+ cfnTemplate.attachAllowPolicy("PolicyAWSGlobalAccelerator", refIR, globalAcceleratorStatements())
+ }
+
return nil
}
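Review bot: In createRole the new policy is attached through `refIR`, which looks like the node group's instance role, so every workload able to use the node's credentials would inherit accelerator create/update/delete and `iam:CreateServiceLinkedRole`, not only the controller pod. This matches how the neighbouring addon policies are attached, but the grant is write-capable, so it deserves a pointer to the narrower service-account path this commit adds in createWellKnownPolicies. I would put above the new `if`: `// Node-role grant: all pods using the instance role get these permissions; prefer wellKnownPolicies.awsGlobalAccelerator on a service account.` createRole begins outside this hunk.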
diff --git a/pkg/cfn/builder/iam_test.go b/pkg/cfn/builder/iam_test.go
index 2923163978..a097fc42b3 100644
--- a/pkg/cfn/builder/iam_test.go
+++ b/pkg/cfn/builder/iam_test.go
@@ -299,6 +299,7 @@ var _ = Describe("template builder for IAM", func() {
ImageBuilder: true,
AutoScaler: true,
AWSLoadBalancerController: true,
+ AWSGlobalAccelerator: true,
ExternalDNS: true,
CertManager: true,
EBSCSIController: true,
@@ -319,7 +320,7 @@ var _ = Describe("template builder for IAM", func() {
Expect(t.Description).To(Equal("IAM role for serviceaccount \"default/sa-1\" [created and managed by eksctl]"))
- Expect(t.Resources).To(HaveLen(9))
+ Expect(t.Resources).To(HaveLen(10))
Expect(t.Outputs).To(HaveLen(1))
Expect(t).To(HaveResource(outputs.IAMServiceAccountRoleName, "AWS::IAM::Role"))
@@ -335,6 +336,7 @@ var _ = Describe("template builder for IAM", func() {
]`))
Expect(t).To(HaveOutputWithValue(outputs.IAMServiceAccountRoleName, `{ "Fn::GetAtt": "Role1.Arn" }`))
Expect(t).To(HaveResourceWithPropertyValue("PolicyAWSLoadBalancerController", "PolicyDocument", expectedAWSLoadBalancerControllerPolicyDocument))
+ Expect(t).To(HaveResourceWithPropertyValue("PolicyAWSGlobalAccelerator", "PolicyDocument", expectedAWSGlobalAcceleratorPolicyDocument))
})
It("can parse an iamserviceaccount addon template", func() {
@@ -806,3 +808,147 @@ const expectedAWSLoadBalancerControllerPolicyDocument = `{
],
"Version": "2012-10-17"
}`
+
+const expectedAWSGlobalAcceleratorPolicyDocument = `{
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "globalaccelerator.amazonaws.com"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "globalaccelerator:ListAccelerators",
+ "globalaccelerator:ListEndpointGroups",
+ "globalaccelerator:ListListeners",
+ "globalaccelerator:ListTagsForResource",
+ "ec2:DescribeRegions",
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "globalaccelerator:DescribeAccelerator",
+ "globalaccelerator:DescribeEndpointGroup",
+ "globalaccelerator:DescribeListener"
+ ],
+ "Resource": [
+ {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*"
+ },
+ {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*/listener/*"
+ },
+ {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*/listener/*/endpoint-group/*"
+ }
+ ],
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ },
+ "StringEquals": {
+ "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "globalaccelerator:CreateAccelerator"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ },
+ "StringEquals": {
+ "aws:RequestTag/aga.k8s.aws/resource": "GlobalAccelerator"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "globalaccelerator:UpdateAccelerator",
+ "globalaccelerator:DeleteAccelerator",
+ "globalaccelerator:CreateListener",
+ "globalaccelerator:UpdateListener",
+ "globalaccelerator:DeleteListener",
+ "globalaccelerator:CreateEndpointGroup",
+ "globalaccelerator:UpdateEndpointGroup",
+ "globalaccelerator:DeleteEndpointGroup",
+ "globalaccelerator:AddEndpoints",
+ "globalaccelerator:RemoveEndpoints"
+ ],
+ "Resource": [
+ {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*"
+ },
+ {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*/listener/*"
+ },
+ {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*/listener/*/endpoint-group/*"
+ }
+ ],
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ },
+ "StringEquals": {
+ "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "globalaccelerator:TagResource",
+ "globalaccelerator:UntagResource"
+ ],
+ "Resource": {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*"
+ },
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ },
+ "StringEquals": {
+ "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "globalaccelerator:TagResource"
+ ],
+ "Resource": {
+ "Fn::Sub": "arn:${AWS::Partition}:globalaccelerator::*:accelerator/*"
+ },
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ },
+ "StringEquals": {
+ "aws:RequestTag/aga.k8s.aws/resource": "GlobalAccelerator"
+ }
+ }
+ }
+ ],
+ "Version": "2012-10-17"
+}`
diff --git a/pkg/cfn/builder/managed_nodegroup_test.go b/pkg/cfn/builder/managed_nodegroup_test.go
index 66f1b2733d..69dc49b6bd 100644
--- a/pkg/cfn/builder/managed_nodegroup_test.go
+++ b/pkg/cfn/builder/managed_nodegroup_test.go
@@ -59,6 +59,14 @@ func TestManagedPolicyResources(t *testing.T) {
expectedManagedPolicies: makePartitionedPolicies("AmazonEKSWorkerNodePolicy", "AmazonEKS_CNI_Policy", "AmazonEC2ContainerRegistryPullOnly", "AmazonSSMManagedInstanceCore"),
description: "AutoScaler enabled",
},
+ {
+ addons: api.NodeGroupIAMAddonPolicies{
+ AWSGlobalAccelerator: api.Enabled(),
+ },
+ expectedNewPolicies: []string{"PolicyAWSGlobalAccelerator"},
+ expectedManagedPolicies: makePartitionedPolicies("AmazonEKSWorkerNodePolicy", "AmazonEKS_CNI_Policy", "AmazonEC2ContainerRegistryPullOnly", "AmazonSSMManagedInstanceCore"),
+ description: "AWSGlobalAccelerator enabled",
+ },
{
attachPolicy: cft.MakePolicyDocument(cft.MapOfInterfaces{
"Effect": "Allow",
diff --git a/pkg/cfn/builder/statement.go b/pkg/cfn/builder/statement.go
index 8afe21bae7..3caff2a922 100644
--- a/pkg/cfn/builder/statement.go
+++ b/pkg/cfn/builder/statement.go
@@ -482,3 +482,128 @@ func efsCSIControllerStatements() []cft.MapOfInterfaces {
},
}
}
+
+func globalAcceleratorStatements() []cft.MapOfInterfaces {
+ return []cft.MapOfInterfaces{
+ {
+ "Effect": effectAllow,
+ "Action": []string{"iam:CreateServiceLinkedRole"},
+ "Resource": resourceAll,
+ "Condition": map[string]interface{}{
+ "StringEquals": map[string][]string{
+ "iam:AWSServiceName": {
+ "globalaccelerator.amazonaws.com",
+ },
+ },
+ },
+ },
+ {
+ "Effect": effectAllow,
+ "Resource": resourceAll,
+ "Action": []string{
+ "globalaccelerator:ListAccelerators",
+ "globalaccelerator:ListEndpointGroups",
+ "globalaccelerator:ListListeners",
+ "globalaccelerator:ListTagsForResource",
+ "ec2:DescribeRegions",
+ "tag:GetResources",
+ },
+ },
+ {
+ "Effect": effectAllow,
+ "Resource": []*gfnt.Value{
+ addARNPartitionPrefix("globalaccelerator::*:accelerator/*"),
+ addARNPartitionPrefix("globalaccelerator::*:accelerator/*/listener/*"),
+ addARNPartitionPrefix("globalaccelerator::*:accelerator/*/listener/*/endpoint-group/*"),
+ },
+ "Action": []string{
+ "globalaccelerator:DescribeAccelerator",
+ "globalaccelerator:DescribeEndpointGroup",
+ "globalaccelerator:DescribeListener",
+ },
+ "Condition": map[string]interface{}{
+ "Null": map[string]string{
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false",
+ },
+ "StringEquals": map[string]string{
+ "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator",
+ },
+ },
+ },
+ {
+ "Effect": effectAllow,
+ "Resource": resourceAll,
+ "Action": []string{
+ "globalaccelerator:CreateAccelerator",
+ },
+ "Condition": map[string]interface{}{
+ "Null": map[string]string{
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false",
+ },
+ "StringEquals": map[string]string{
+ "aws:RequestTag/aga.k8s.aws/resource": "GlobalAccelerator",
+ },
+ },
+ },
+ {
+ "Effect": effectAllow,
+ "Resource": []*gfnt.Value{
+ addARNPartitionPrefix("globalaccelerator::*:accelerator/*"),
+ addARNPartitionPrefix("globalaccelerator::*:accelerator/*/listener/*"),
+ addARNPartitionPrefix("globalaccelerator::*:accelerator/*/listener/*/endpoint-group/*"),
+ },
+ "Action": []string{
+ "globalaccelerator:UpdateAccelerator",
+ "globalaccelerator:DeleteAccelerator",
+ "globalaccelerator:CreateListener",
+ "globalaccelerator:UpdateListener",
+ "globalaccelerator:DeleteListener",
+ "globalaccelerator:CreateEndpointGroup",
+ "globalaccelerator:UpdateEndpointGroup",
+ "globalaccelerator:DeleteEndpointGroup",
+ "globalaccelerator:AddEndpoints",
+ "globalaccelerator:RemoveEndpoints",
+ },
+ "Condition": map[string]interface{}{
+ "Null": map[string]string{
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false",
+ },
+ "StringEquals": map[string]string{
+ "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator",
+ },
+ },
+ },
+ {
+ "Effect": effectAllow,
+ "Resource": addARNPartitionPrefix("globalaccelerator::*:accelerator/*"),
+ "Action": []string{
+ "globalaccelerator:TagResource",
+ "globalaccelerator:UntagResource",
+ },
+ "Condition": map[string]interface{}{
+ "Null": map[string]string{
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false",
+ },
+ "StringEquals": map[string]string{
+ "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator",
+ },
+ },
+ },
+ {
+ "Effect": effectAllow,
+ "Resource": addARNPartitionPrefix("globalaccelerator::*:accelerator/*"),
+ "Action": []string{
+ "globalaccelerator:TagResource",
+ },
+ "Condition": map[string]interface{}{
+ "Null": map[string]string{
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false",
+ },
+ "StringEquals": map[string]string{
+ "aws:RequestTag/aga.k8s.aws/resource": "GlobalAccelerator",
+ },
+ },
+ },
+ }
+}
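Review bot: The last statement of globalAcceleratorStatements allows `globalaccelerator:TagResource` on `accelerator/*` with only `aws:RequestTag` conditions and no `aws:ResourceTag` condition, so as written it is not limited to accelerators that already carry the controller's tags. The `Null` checks on `elbv2.k8s.aws/cluster` in the other statements test only that the tag exists, not which cluster set it. The tag conditions therefore separate managed from unmanaged accelerators by convention, not as a hard boundary within the account. If the statements are a faithful copy of the upstream controller policy linked from WellKnownPolicies, keep them, but record that in a doc comment so the policy can be audited for drift, e.g. `// globalAcceleratorStatements mirrors the upstream AGA controller IAM policy; tag conditions are not a per-cluster isolation boundary.` The function currently has no doc comment.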
diff --git a/pkg/ctl/cmdutils/filter/nodegroup_filter_test.go b/pkg/ctl/cmdutils/filter/nodegroup_filter_test.go
index b7e99a7997..06e40d6443 100644
--- a/pkg/ctl/cmdutils/filter/nodegroup_filter_test.go
+++ b/pkg/ctl/cmdutils/filter/nodegroup_filter_test.go
@@ -414,7 +414,8 @@ var expected = fmt.Sprintf(`
"efs": false,
"albIngress": false,
"xRay": false,
- "cloudWatch": false
+ "cloudWatch": false,
+ "awsGlobalAccelerator": false
}
},
"disableIMDSv1": true,
@@ -459,7 +460,8 @@ var expected = fmt.Sprintf(`
"efs": false,
"albIngress": false,
"xRay": false,
- "cloudWatch": false
+ "cloudWatch": false,
+ "awsGlobalAccelerator": false
}
},
"disableIMDSv1": true,
@@ -504,7 +506,8 @@ var expected = fmt.Sprintf(`
"efs": false,
"albIngress": false,
"xRay": false,
- "cloudWatch": false
+ "cloudWatch": false,
+ "awsGlobalAccelerator": false
}
},
"clusterDNS": "1.2.3.4",
@@ -540,7 +543,7 @@ var expected = fmt.Sprintf(`
"withAddonPolicies": {
"imageBuilder": false,
"autoScaler": false,
- "awsLoadBalancerController": false,
+ "awsLoadBalancerController": false,
"externalDNS": false,
"certManager": false,
"appMesh": false,
@@ -550,7 +553,8 @@ var expected = fmt.Sprintf(`
"efs": false,
"albIngress": false,
"xRay": false,
- "cloudWatch": false
+ "cloudWatch": false,
+ "awsGlobalAccelerator": false
}
},
"disableIMDSv1": true,
@@ -588,7 +592,7 @@ var expected = fmt.Sprintf(`
"withAddonPolicies": {
"imageBuilder": false,
"autoScaler": false,
- "awsLoadBalancerController": false,
+ "awsLoadBalancerController": false,
"externalDNS": false,
"certManager": false,
"appMesh": false,
@@ -598,7 +602,8 @@ var expected = fmt.Sprintf(`
"efs": false,
"albIngress": false,
"xRay": false,
- "cloudWatch": false
+ "cloudWatch": false,
+ "awsGlobalAccelerator": false
}
},
"clusterDNS": "4.2.8.14",
@@ -647,7 +652,8 @@ var expected = fmt.Sprintf(`
"efs": false,
"albIngress": false,
"xRay": false,
- "cloudWatch": false
+ "cloudWatch": false,
+ "awsGlobalAccelerator": false
}
},
"disableIMDSv1": true,
diff --git a/pkg/ctl/cmdutils/nodegroup_flags.go b/pkg/ctl/cmdutils/nodegroup_flags.go
index ac8ff7982d..a51b88dd9a 100644
--- a/pkg/ctl/cmdutils/nodegroup_flags.go
+++ b/pkg/ctl/cmdutils/nodegroup_flags.go
@@ -96,12 +96,14 @@ func addCommonCreateNodeGroupIAMAddonsFlags(fs *pflag.FlagSet, ng *api.NodeGroup
ng.IAM.WithAddonPolicies.AWSLoadBalancerController = new(bool)
ng.IAM.WithAddonPolicies.XRay = new(bool)
ng.IAM.WithAddonPolicies.CloudWatch = new(bool)
+ ng.IAM.WithAddonPolicies.AWSGlobalAccelerator = new(bool)
fs.BoolVar(ng.IAM.WithAddonPolicies.AutoScaler, "asg-access", false, "enable IAM policy for cluster-autoscaler")
fs.BoolVar(ng.IAM.WithAddonPolicies.ExternalDNS, "external-dns-access", false, "enable IAM policy for external-dns")
fs.BoolVar(ng.IAM.WithAddonPolicies.ImageBuilder, "full-ecr-access", false, "enable full access to ECR")
fs.BoolVar(ng.IAM.WithAddonPolicies.AppMesh, "appmesh-access", false, "enable full access to AppMesh")
fs.BoolVar(ng.IAM.WithAddonPolicies.AppMeshPreview, "appmesh-preview-access", false, "enable full access to AppMesh Preview")
fs.BoolVar(ng.IAM.WithAddonPolicies.AWSLoadBalancerController, "alb-ingress-access", false, "enable full access for alb-ingress-controller")
+ fs.BoolVar(ng.IAM.WithAddonPolicies.AWSGlobalAccelerator, "global-accelerator-access", false, "enable IAM policy for Global Accelerator")
}
// AddNodeGroupFilterFlags add common `--include` and `--exclude` flags for filtering nodegroups