Releases: giantswarm/giantswarm-aws-account-prerequisites

v5.0.0

14 Jan 13:14
0024b76

Changed

  • Reduce setup options to only OpenTofu / Terraform

v4.3.1

18 Dec 14:26
61c813c

Changed

  • Allow iam:TagPolicy to GS staff in order to update prerequisites IAM policies
  • Avoid Terraform replacing IAM role/policies if only description field changed

v4.3.0

05 Dec 09:53
c7c116a

Changed

  • Add support for removing some IAM permissions from the capa controller role in BYOVPC installations.
  • CAPA role CloudFormation template: switch from inline to managed policies for the CAPA IAM role.
  • Add CAPA permissions for ASG lifecycle hooks
  • Add support for AWS China
  • Add support for custom GS staff account

v4.2.0

05 Sep 09:11
c85eddf

Changed

  • Add support for Crossplane usage on the CAPA controller role
  • Add ability to import existing IAM resources into Terraform state for the CAPA controller role

Fixed

  • Fixed the Terraform file to use the correct GiantSwarm root account for the user that will assume the capa-controller role.

v4.1.0

20 Aug 15:09
e24aa40

Added

  • Add ec2:ReplaceRoute permissions to the CAPA controller role.
  • Add ec2:DescribeDhcpOptions permissions to the CAPA controller role, required by CAPA releases >= v2.4.0.
  • For cluster cleanup purposes, add the permissions s3:GetBucketTagging and s3:ListAllMyBuckets in order to scan for buckets owned by a management/workload cluster. Those buckets may not have a fixed name pattern (e.g. include AWS region or other dynamic string) and therefore searching by "owned" tag allows us to find and delete all such resources.
  • For cluster cleanup purposes, tag all IAM roles and policies with the installation name, so they are easily identifiable during cleanup / teardown.

v4.0.0

16 Jul 07:45
edbba9e

Added

  • Add iam:ListRoleTags and iam:UntagRole permissions to the AWS operator role.
  • CAPA: add new mc-bootstrap policy to capa-controller role.
  • Add IAM policy for use with Crossplane AWS provider. The initial permissions are meant to be used with Cilium ENI mode.
  • CAPA: add autoscaling:CancelInstanceRefresh permission (needed for AWSMachinePool reconciler improvement)
  • Create a CloudFormation stack to manage the IAM policies and roles.

Changed

  • Use a setup script to automate CAPA controller commands.

Removed

  • Remove vintage setup instructions.

v3.4.0

16 Jan 09:41
8ad2d09

Changed

  • Add S3 permission for CAPA policies in order to run on Flatcar.
  • Remove non-existent IAM actions.

Added

  • Add s3:PutBucketOwnershipControls to the IRSA policy. Needed because of a change in irsa-operator.
  • Add "ec2:DescribeInstanceTypes" to the CAPA controller policy, as it's required by newest CAPA releases.
  • Add EKS permissions for managed node pools, encryption/identity provider configs, CIDR blocks, KMS.

v3.3.0

11 May 10:18
f0b6dab

Changed

  • Add workload cluster AWS account ID to the SQS and Events IAM permissions.

v3.2.0

27 Apr 08:04
2866516

Added

  • Add SQS permission for NodeTerminationHandler/Karpenter.
  • Add Events permissions for NodeTerminationHandler/Karpenter.
  • Add ssm:GetParameter for NodeTerminationHandler/Karpenter.

v3.1.0

27 Apr 08:02
947e954

Added

  • Add s3:PutBucketOwnershipControls permissions for GiantSwarmAWSOperator.