diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts index c449af08a407b..c5cda1b9e66eb 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts @@ -73,7 +73,10 @@ export class ClusterResource extends Construct { }); this.creationRole.addToPolicy(new iam.PolicyStatement({ - actions: [ 'ec2:DescribeSubnets' ], + actions: [ + 'ec2:DescribeSubnets', + 'ec2:DescribeRouteTables', + ], resources: [ '*' ], })); diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index 6138308e733c5..a1476ff383d49 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -782,7 +782,10 @@ } }, { - "Action": "ec2:DescribeSubnets", + "Action": [ + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables" + ], "Effect": "Allow", "Resource": "*" }, diff --git a/packages/@aws-cdk/aws-eks/test/test.cluster.ts b/packages/@aws-cdk/aws-eks/test/test.cluster.ts index 8cf5972ab6441..85ad1921528f8 100644 --- a/packages/@aws-cdk/aws-eks/test/test.cluster.ts +++ b/packages/@aws-cdk/aws-eks/test/test.cluster.ts @@ -866,7 +866,10 @@ export = { }, }, { - Action: 'ec2:DescribeSubnets', + Action: [ + 'ec2:DescribeSubnets', + 'ec2:DescribeRouteTables', + ], Effect: 'Allow', Resource: '*', }, @@ -977,7 +980,10 @@ export = { }, }, { - Action: 'ec2:DescribeSubnets', + Action: [ + 'ec2:DescribeSubnets', + 'ec2:DescribeRouteTables', + ], Effect: 'Allow', Resource: '*', },