diff --git a/pkg/cfn/builder/karpenter.go b/pkg/cfn/builder/karpenter.go
index 3982598ac5..18531f9df8 100644
--- a/pkg/cfn/builder/karpenter.go
+++ b/pkg/cfn/builder/karpenter.go
@@ -49,6 +49,7 @@ const (
 ec2TerminateInstances = "ec2:TerminateInstances"
 ec2DescribeImages = "ec2:DescribeImages"
 ec2DescribeSpotPriceHistory = "ec2:DescribeSpotPriceHistory"
+ ec2DescribeCapacityReservations = "ec2:DescribeCapacityReservations"
 // IAM
 iamPassRole = "iam:PassRole"
 iamCreateServiceLinkedRole = "iam:CreateServiceLinkedRole"
@@ -175,6 +176,7 @@ func (k *KarpenterResourceSet) addResourcesForKarpenter() error {
 ec2TerminateInstances,
 ec2DescribeImages,
 ec2DescribeSpotPriceHistory,
+ ec2DescribeCapacityReservations,
 iamPassRole,
 iamCreateServiceLinkedRole,
 iamGetInstanceProfile,
diff --git a/pkg/cfn/builder/karpenter_test.go b/pkg/cfn/builder/karpenter_test.go
index f68aec3baa..8269cdcddc 100644
--- a/pkg/cfn/builder/karpenter_test.go
+++ b/pkg/cfn/builder/karpenter_test.go
@@ -137,6 +137,7 @@ var expectedTemplate = `{
 "ec2:TerminateInstances",
 "ec2:DescribeImages",
 "ec2:DescribeSpotPriceHistory",
+ "ec2:DescribeCapacityReservations",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
 "iam:GetInstanceProfile",
@@ -297,6 +298,7 @@ var expectedTemplateWithPermissionBoundary = `{
 "ec2:TerminateInstances",
 "ec2:DescribeImages",
 "ec2:DescribeSpotPriceHistory",
+ "ec2:DescribeCapacityReservations",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
 "iam:GetInstanceProfile",
@@ -482,6 +484,7 @@ var expectedTemplateWithSpotInterruptionQueue = `{
 "ec2:TerminateInstances",
 "ec2:DescribeImages",
 "ec2:DescribeSpotPriceHistory",
+ "ec2:DescribeCapacityReservations",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
 "iam:GetInstanceProfile",
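Review bot: The `ec2DescribeCapacityReservations` entry added to the action list in `addResourcesForKarpenter` (pkg/cfn/builder/karpenter.go, second hunk) joins one flat list that also carries `ec2TerminateInstances` and `iamPassRole`, and nothing visible records why the controller role needs the new grant. The action is read-only and, as far as I know, EC2 Describe calls cannot be narrowed to specific resources, so the risk on its own is low. The statement's resource and condition are outside the hunk, because the function body continues past it, so its scope cannot be confirmed from here. I would document the reason on the constant in the first hunk, e.g. `// read-only; presumably needed for Karpenter capacity-reservation discovery (confirm minimum Karpenter version)`, so a later least-privilege audit of this policy can tell whether the permission is still required.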