[aws-eks] Use only Service Linked Role for EKS clusters

[pahud]

❓ General Issue

Amazon EKS now supports service link roles
https://aws.amazon.com/about-aws/whats-new/2020/04/amazon-eks-supports-service-linked-roles/?nc1=h_ls

According to the eks user guide

Prior to April 16, 2020, AmazonEKSServicePolicy was also required and the suggested name was eksServiceRole. With the AWSServiceRoleForAmazonEKS service-linked role, that policy is no longer required.

eksctl just released 0.18.0 and removed the AmazonEKSServicePolicy from the cluster role.

eksctl-io/eksctl#2079

I was wondering if it's safe just remove this policy from the cluster role?

aws-cdk/packages/@aws-cdk/aws-eks/lib/cluster.ts

Line 371 in 1ee629e

iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSServicePolicy'),

The Question

Environment

• CDK CLI Version: 1.35.0
• Module Version: aws-eks
• OS: mac os x
• Language: all

Other information

[pahud]

copy @eladb

[eladb]

@pahud can you run a couple of tests to ensure this works?