terraform: add missing policies for AWS ALB

edgelesssys / constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

GNU Affero General Public License v3.0

929 stars 48 forks source link

Context

Node role permissions are currently handcrafted to allow the set of use cases we identified so far. We did not consider the use of AWS LBC as an Ingress provisioner, though, and thus never checked whether the policies are sufficient.

Proposed change(s)

Apply the recommended policy.
Add a test to ensure ALB Ingresses can be created.
Document considerations for using ALB Ingress with Constellation.

Related issue

Fixes #3056

Checklist

[x] Run the E2E tests that are relevant to this PR's changes
- https://github.com/edgelesssys/constellation/actions/runs/8938280204/job/24552109686 (intermediate state)
- https://github.com/edgelesssys/constellation/actions/runs/8968562872 (current HEAD)
[x] Update docs
[x] Add labels (e.g., for changelog category)
[x] Is PR title adequate for changelog?
[x] Link to Milestone

Name	Link
Latest commit	8704da6f5fd891406adacb82661934a6bfa8347d
Latest deploy log	https://app.netlify.com/sites/constellation-docs/deploys/6638c37b5484c90008d41318
Deploy Preview	https://deploy-preview-3063--constellation-docs.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

Name

Link

Latest commit

8704da6f5fd891406adacb82661934a6bfa8347d

Latest deploy log

https://app.netlify.com/sites/constellation-docs/deploys/6638c37b5484c90008d41318

Deploy Preview

https://deploy-preview-3063--constellation-docs.netlify.app

Preview on mobile

Toggle QR Code...

Use your smartphone camera to open QR code link.

edgelesssys / constellation