From 5238f13e94b0c618d16f7d9894ba6bd2076b2bfa Mon Sep 17 00:00:00 2001
From: Ian Dominno <104934992+iadomi@users.noreply.github.com>
Date: Fri, 6 Sep 2024 15:25:16 -0400
Subject: [PATCH 1/2] fix: (PSKD-678) viya4-aws-iac creates an incomplete IAM policy for the autoscaler Service Account redo (#302)
---
 modules/aws_autoscaling/main.tf | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/modules/aws_autoscaling/main.tf b/modules/aws_autoscaling/main.tf
index 6db3fa0e..06d57d31 100644
--- a/modules/aws_autoscaling/main.tf
+++ b/modules/aws_autoscaling/main.tf
@@ -3,7 +3,7 @@
 # Permissions based off the IAM Policy recommended by kubernetes/autoscaler
-# https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.25.0/cluster-autoscaler/cloudprovider/aws/README.md
+# https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.36.0/cluster-autoscaler/cloudprovider/aws/README.md
 data "aws_iam_policy_document" "worker_autoscaling" {
 statement {
 sid = "eksWorkerAutoscalingAll"
@@ -17,6 +17,9 @@ data "aws_iam_policy_document" "worker_autoscaling" {
 "autoscaling:DescribeTags",
 "ec2:DescribeInstanceTypes",
 "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeImages",
+ "ec2:GetInstanceTypesFromInstanceRequirements",
+ "eks:DescribeNodegroup"
 ]
 resources = ["*"]
@@ -29,10 +32,8 @@ data "aws_iam_policy_document" "worker_autoscaling" {
 actions = [
 "autoscaling:SetDesiredCapacity",
 "autoscaling:TerminateInstanceInAutoScalingGroup",
- "autoscaling:UpdateAutoScalingGroup",
- "ec2:DescribeImages",
- "ec2:GetInstanceTypesFromInstanceRequirements",
- "eks:DescribeNodegroup"
+ "autoscaling:UpdateAutoScalingGroup"
+
 ]
 resources = ["*"]
From 1c015650ead465fc1331480cb072a23f4b78ca40 Mon Sep 17 00:00:00 2001
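Review bot: The third hunk leaves a stray empty `+` line inside the `actions` list right after `"autoscaling:UpdateAutoScalingGroup"` and drops that entry's trailing comma; `terraform fmt` will flag the blank, so remove it and keep `"autoscaling:UpdateAutoScalingGroup",` so future additions diff cleanly. The three `Describe`/`Get` actions moved into the `eksWorkerAutoscalingAll` statement in the second hunk are read-only lookups, so granting them on `resources = ["*"]` is consistent with the other actions already in that statement. The statement they were moved out of begins before the third hunk, so whatever condition scopes it is not visible here; the mutating `SetDesiredCapacity`/`TerminateInstanceInAutoScalingGroup`/`UpdateAutoScalingGroup` actions that remain in it should keep that scoping. A short comment above the moved entries, `# Read-only lookups required by the autoscaler; kept in the unscoped statement, see PSKD-678`, would tell the next reader why they are not alongside the mutating actions.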
From: David Houck
Date: Tue, 10 Sep 2024 11:42:55 -0400
Subject: [PATCH 2/2] (PSKD-434) AWS no longer has a default storage class with K8s 1.30 (#303)
* AWS no longer has default storage class with K8s 1.30
* Update patch SC comment
* Add internal ticket reference for aws-ebs-csi-driver update work
---
 main.tf | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/main.tf b/main.tf
index 75abff58..19ae41c1 100755
--- a/main.tf
+++ b/main.tf
@@ -225,6 +225,17 @@ module "kubeconfig" {
 depends_on = [module.eks.cluster_name] # The name/id of the EKS cluster. Will block on cluster creation until the cluster is really ready.
 }
+# Normally, the use of local-exec below is avoided. It is used here to patch the gp2 storage class as the default storage class for EKS 1.30 and later clusters.
+# PSKD-667 will track the move to a newer version of the aws-ebs-csi-driver creating a gp3 storage class which will then become the default storage class.
+resource "terraform_data" "run_command" {
+ count = var.kubernetes_version >= "1.30" ? 1 : 0
+ provisioner "local-exec" {
+ command = "kubectl --kubeconfig=${local.kubeconfig_path} patch storageclass gp2 --patch '{\"metadata\": {\"annotations\":{\"storageclass.kubernetes.io/is-default-class\":\"true\"}}}' "
+ }
+
+ depends_on = [module.kubeconfig]
+}
+
 # Database Setup - https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/6.2.0
 module "postgresql" {
 source = "terraform-aws-modules/rds/aws"
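Review bot: `local.kubeconfig_path` is interpolated unquoted into the `local-exec` shell command, so a path containing whitespace or shell-special characters splits or alters the `kubectl` invocation; quote it, `command = "kubectl --kubeconfig='${local.kubeconfig_path}' patch storageclass gp2 --patch '{...}'"`, keeping the existing JSON patch argument as is. A provisioner on `terraform_data` runs only when the resource is created, so the default-class annotation is applied once and is not reconciled by later applies if it is changed out of band; the header comment should state that, e.g. `# One-shot: runs at create time only; the annotation is not re-applied if the storage class is later modified or recreated.` As far as I can tell Terraform evaluates `>=` numerically after converting both operands, so `var.kubernetes_version >= "1.30"` compares 1.3 against the variable, which works for two-part minor versions but would fail to convert a three-part value such as a constructed `"1.30.0"`; a comment noting the expected `MAJOR.MINOR` form, or a `regex`-based guard, would make that assumption explicit.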