fix: allow detach instance profile (#117)

maxsxu · web-flow · commit ac58095a118a · 2025-02-26T11:32:57.000+08:00
## Motivation Karpenter need manage the instance profile directly rather than managed node groups. The role is managed here: https://github.com/streamnative/terraform-aws-cloud/blob/master/main.tf#L435 Signed-off-by: Max Xu <xuhuan@live.cn>
diff --git a/modules/aws/vendor-access/files/provision2.json.tpl b/modules/aws/vendor-access/files/provision2.json.tpl
@@ -217,7 +217,8 @@
       "Resource": [
         "arn:${partition}:iam::${account_id}:role/StreamNative/*",
         "arn:${partition}:iam::${account_id}:policy/StreamNative/*",
-        "arn:${partition}:iam::${account_id}:oidc-provider/*"
+        "arn:${partition}:iam::${account_id}:oidc-provider/*",
+        "arn:${partition}:iam::${account_id}:instance-profile/*"
       ],
       "Condition": {
         "StringEquals": {
