https://github.com/kubernetes-sigs/aws-efs-csi-driver/commit/cd41c38c9902505e14337d4967f929027ce6c417
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticfilesystem:CreateAccessPoint"
],
"Resource": "*",
"Condition": {
"StringLike": {
"aws:RequestTag/efs.csi.aws.com/cluster": "true"
}
}
},
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticfilesystem:TagResource"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
+ }
+ }
+ },
{
"Effect": "Allow",
"Action": "elasticfilesystem:DeleteAccessPoint",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/efs.csi.aws.com/cluster": "true"
}
}
}
]
