Greetings!
The trust relationship example provided in the README.md contains two statements: the first statement allows any EC2 to assume this role and the second allows it for arn:aws:iam::123456789012:role/kubernetes-worker-role
After checking an example and trying different trust relationships it seems like in my case it's enough to have only the second part of the trust relationships from an example.
That's why I'm curious to ask about the reasoning behind the first statement in this policy, because the goal is only to allow the Kubernetes worker role to assume other roles, but the provided example contradicts the principle of least privilege by allowing any EC2 to assume the role.
Thanks!
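
Added example, not part of the original issue or the project's README: a Python check that lists every principal in a role trust policy allowed to call sts:AssumeRole beyond an expected allow-list. The policy document is constructed from the two statements described in the post, and the names `unexpected_principals` and `EXPECTED` are hypothetical.

```python
import json

# Constructed trust policy matching the two statements described in the post.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/kubernetes-worker-role"},
     "Action": "sts:AssumeRole"}
  ]
}
""")

# Assumption: the only principal that should be trusted is the worker role.
EXPECTED = {("AWS", "arn:aws:iam::123456789012:role/kubernetes-worker-role")}


def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and principals.
    return value if isinstance(value, list) else [value]


def unexpected_principals(policy, expected):
    """Return (statement index, principal type, value) for each principal that
    an Allow statement lets assume the role and that is not in `expected`.
    NotPrincipal and Condition blocks are not evaluated here."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard principal
            principal = {"*": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if (kind, value) not in expected:
                    findings.append((index, kind, value))
    return findings


if __name__ == "__main__":
    for index, kind, value in unexpected_principals(TRUST_POLICY, EXPECTED):
        print(f"statement {index}: unexpected {kind} principal {value}")
```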