Update iam role for aws-credential-manager (#532)

Superm4n97 · web-flow · commit a007ddb9fabc · 2026-04-01T10:49:53.000+06:00
Signed-off-by: rasel &lt;rasel@appscode.com&gt;
diff --git a/files/products/appscode/aws-selfhost/iam-credential-manager-permissions.json b/files/products/appscode/aws-selfhost/iam-credential-manager-permissions.json
@@ -3,7 +3,17 @@
   "Statement": [
     {
       "Effect": "Allow",
-      "Action": ["iam:GetRole", "iam:UpdateAssumeRolePolicy", "iam:ListRoles"],
+      "Action": [
+        "iam:GetRole",
+        "iam:UpdateAssumeRolePolicy",
+        "iam:ListRoles",
+        "iam:CreateRole",
+        "iam:DeleteRole",
+        "iam:PutRolePolicy",
+        "iam:ListAttachedRolePolicies",
+        "iam:GetRolePolicy",
+        "iam:AttachRolePolicy"
+      ],
       "Resource": "*"
     }
   ]

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,17 @@`
`3`	`3`	`"Statement": [`
`4`	`4`	`{`
`5`	`5`	`"Effect": "Allow",`
`6`		`- "Action": ["iam:GetRole", "iam:UpdateAssumeRolePolicy", "iam:ListRoles"],`
	`6`	`+ "Action": [`
	`7`	`+ "iam:GetRole",`
	`8`	`+ "iam:UpdateAssumeRolePolicy",`
	`9`	`+ "iam:ListRoles",`
	`10`	`+ "iam:CreateRole",`
	`11`	`+ "iam:DeleteRole",`
	`12`	`+ "iam:PutRolePolicy",`
	`13`	`+ "iam:ListAttachedRolePolicies",`
	`14`	`+ "iam:GetRolePolicy",`
	`15`	`+ "iam:AttachRolePolicy"`
	`16`	`+ ],`
`7`	`17`	`"Resource": "*"`
`8`	`18`	`}`
`9`	`19`	`]`