Refactor IAM policy used by CI

ElijahQuinones · ElijahQuinones · commit 08229ed03a8a · 2025-11-03T18:56:18.000Z
diff --git a/hack/e2e/eksctl/cluster.yaml b/hack/e2e/eksctl/cluster.yaml
@@ -31,24 +31,10 @@ iam:
       attachPolicy:
         Version: '2012-10-17'
         Statement:
-          - Effect: Allow
-            Action:
-              - ec2:CopyVolumes
-            Resource: "arn:aws:ec2:*:*:volume/vol-*"
           - Effect: Allow
             Action:
               - ec2:CopyVolumes
             Resource: "arn:aws:ec2:*:*:volume/*"
-            Condition:
-              StringLike:
-                "aws:RequestTag/ebs.csi.aws.com/cluster": "true"
-          - Effect: Allow
-            Action:
-              - ec2:CopyVolumes
-            Resource: "arn:aws:ec2:*:*:volume/*"
-            Condition:
-              StringLike:
-                "aws:RequestTag/CSIVolumeName": "*"
           - Effect: Allow
             Action:
               - ec2:CreateTags
diff --git a/hack/e2e/kops/patch-cluster.yaml b/hack/e2e/kops/patch-cluster.yaml
@@ -44,18 +44,10 @@ spec:
           "Effect": "Allow",
           "Action": [
             "ec2:CreateSnapshot",
-            "ec2:ModifyVolume"
-          ],
-          "Resource": "arn:aws:ec2:*:*:volume/*"
-        },
-        {
-          "Effect": "Allow",
-          "Action": [
+            "ec2:ModifyVolume",
             "ec2:CopyVolumes"
           ],
-          "Resource": [
-            "arn:aws:ec2:*:*:volume/vol-*"
-          ]
+          "Resource": "arn:aws:ec2:*:*:volume/*"
         },
         {
           "Effect": "Allow",
@@ -108,8 +100,7 @@ spec:
         {
           "Effect": "Allow",
           "Action": [
-            "ec2:CreateVolume",
-            "ec2:CopyVolumes"
+            "ec2:CreateVolume"
           ],
           "Resource": "arn:aws:ec2:*:*:volume/*",
           "Condition": {
