fix(eks): missing permissions to add and remove tags when creating EKS cluster resource (#7302)

Added missing permissions for `eks:TagResource` and `eks:UntagResource`.
Updated unit and integ test expectations to include the added permissions.

Closes #7163

Author: shivlaks

packages/@aws-cdk/aws-eks/lib/cluster-resource.ts

@@ -78,7 +78,16 @@ export class ClusterResource extends Construct {
     }));
 
     this.creationRole.addToPolicy(new iam.PolicyStatement({
-      actions: [ 'eks:CreateCluster', 'eks:DescribeCluster', 'eks:DeleteCluster', 'eks:UpdateClusterVersion', 'eks:UpdateClusterConfig', 'eks:CreateFargateProfile' ],
+      actions: [
+        'eks:CreateCluster',
+        'eks:DescribeCluster',
+        'eks:DeleteCluster',
+        'eks:UpdateClusterVersion',
+        'eks:UpdateClusterConfig',
+        'eks:CreateFargateProfile',
+        'eks:TagResource',
+        'eks:UntagResource'
+      ],
       resources: resourceArns
     }));
 

packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json

@@ -784,7 +784,9 @@
                 "eks:DeleteCluster",
                 "eks:UpdateClusterVersion",
                 "eks:UpdateClusterConfig",
-                "eks:CreateFargateProfile"
+                "eks:CreateFargateProfile",
+                "eks:TagResource",
+                "eks:UntagResource"
               ],
               "Effect": "Allow",
               "Resource": [

packages/@aws-cdk/aws-eks/test/test.cluster.ts

@@ -718,7 +718,9 @@ export = {
                 'eks:DeleteCluster',
                 'eks:UpdateClusterVersion',
                 'eks:UpdateClusterConfig',
-                'eks:CreateFargateProfile'
+                'eks:CreateFargateProfile',
+                'eks:TagResource',
+                'eks:UntagResource'
               ],
               Effect: 'Allow',
               Resource: [ {
@@ -826,7 +828,9 @@ export = {
                 'eks:DeleteCluster',
                 'eks:UpdateClusterVersion',
                 'eks:UpdateClusterConfig',
-                'eks:CreateFargateProfile'
+                'eks:CreateFargateProfile',
+                'eks:TagResource',
+                'eks:UntagResource'
               ],
               Effect: 'Allow',
               Resource: [ '*' ]