+resource "aws_iam_policy" "compute_node_ebs_autoscaler" {
+ name = "${local.cluster_name}_compute_node_ebs_autoscaler"
+ policy = jsonencode({
+ Version: "2012-10-17",
+ Id: "compute-node EBS Autoscaler policy",
+ Statement: [{
+ Effect: "Allow",
+ Action: [
+ "ec2:AttachVolume",
+ "ec2:DescribeVolumeStatus",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeTags",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:DescribeVolumeAttribute",
+ "ec2:CreateVolume",
+ "ec2:DeleteVolume",
+ "ec2:CreateTags"
+ ],
+ Resource: "*"
+ }]
+ })
+}
+
+resource "aws_iam_policy_attachment" "compute_node_ebs_autoscaler_attachment" {
+ name = "${local.cluster_name}_compute_node_ebs_autoscaler_attachment"
+ roles = [ local.compute_node_iam_role_name ]
+ policy_arn = aws_iam_policy.compute_node_ebs_autoscaler.arn
+}
+