aws-quickstart / cdk-eks-blueprints

AWS Quick Start Team
Apache License 2.0
454 stars 205 forks

EFS CSI Driver just work with EFS resources have `efs.csi.aws.com/cluster: true` tag #409

Closed vumdao closed 2 years ago

vumdao commented 2 years ago

Describe the documentation issue

The EFS CSI driver service account just has Create/Delete EFS access point permission on resources that have the tag efs.csi.aws.com/cluster: "true", as the inline policy defines:

        {
          "Effect": "Allow",
          "Action": [
            "elasticfilesystem:CreateAccessPoint"
          ],
          "Resource": "*",
          "Condition": {
            "StringLike": {
              "aws:RequestTag/efs.csi.aws.com/cluster": "true"
            }
          }
        },
        {
          "Effect": "Allow",
          "Action": "elasticfilesystem:DeleteAccessPoint",
          "Resource": "*",
          "Condition": {
            "StringEquals": {
              "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
            }
          }
        }

Links

https://github.com/aws-quickstart/cdk-eks-blueprints/blob/main/docs/addons/efs-csi-driver.md

vumdao commented 2 years ago

Wrong understanding
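
How the two quoted statements evaluate, as an added example that is not part of the issue thread or the project's code: `aws:RequestTag/...` is matched against the tags sent in the request, and `aws:ResourceTag/...` against the tags on the resource the call targets. The evaluator is a simplified model (identity policy only, no explicit Deny, `Resource` is `*`), and `is_allowed` and the sample requests are constructed for illustration.

```python
import re

# The two statements quoted in the issue, as Python data.
STATEMENTS = [
    {"Effect": "Allow", "Action": ["elasticfilesystem:CreateAccessPoint"], "Resource": "*",
     "Condition": {"StringLike": {"aws:RequestTag/efs.csi.aws.com/cluster": "true"}}},
    {"Effect": "Allow", "Action": "elasticfilesystem:DeleteAccessPoint", "Resource": "*",
     "Condition": {"StringEquals": {"aws:ResourceTag/efs.csi.aws.com/cluster": "true"}}},
]

def _like(pattern, value):
    # StringLike: '*' matches any run of characters, '?' any single character.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

OPERATORS = {"StringEquals": lambda want, got: want == got, "StringLike": _like}

def is_allowed(action, request_tags=None, resource_tags=None):
    """Hypothetical helper: True if one of STATEMENTS allows the call."""
    context = {f"aws:RequestTag/{k}": v for k, v in (request_tags or {}).items()}
    context.update({f"aws:ResourceTag/{k}": v for k, v in (resource_tags or {}).items()})
    for stmt in STATEMENTS:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions:
            continue
        # A key that is absent from the request context makes these operators false.
        if all(key in context and OPERATORS[op](want, context[key])
               for op, pairs in stmt["Condition"].items()
               for key, want in pairs.items()):
            return True
    return False  # nothing matched: implicit deny

if __name__ == "__main__":
    tag = {"efs.csi.aws.com/cluster": "true"}  # constructed sample tag set
    cases = [
        ("elasticfilesystem:CreateAccessPoint", {"request_tags": tag}),
        ("elasticfilesystem:CreateAccessPoint", {}),
        ("elasticfilesystem:DeleteAccessPoint", {"resource_tags": tag}),
        ("elasticfilesystem:DeleteAccessPoint", {}),
    ]
    for action, kwargs in cases:
        print(action, kwargs, "->", "Allow" if is_allowed(action, **kwargs) else "Deny")
```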