1 Answer
The policy you shared seems to be for an API Gateway, not for AppSync. For AppSync, you would typically use an interface VPC endpoint.
When using the EKS module, you should specify the service_account_role_arn under the vpc-cni addon and not attach the cni_policy to the node role. This is how you can use an IRSA role with EKS.
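As an added example (not from the original answer or from the module's documentation), the setup the answer describes could look like this in Terraform. It assumes "the EKS module" means terraform-aws-modules/eks with v20 inputs and builds the IRSA role with the terraform-aws-modules/iam v5 submodule; the role name, cluster name, variables and node group sizing are placeholders.

```hcl
# Added example. Assumed: terraform-aws-modules/eks ~> 20.0 and terraform-aws-modules/iam ~> 5.0.
variable "vpc_id" { type = string }
variable "subnet_ids" { type = list(string) }

# IRSA role that only the aws-node service account in kube-system can assume.
module "vpc_cni_irsa" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
  version = "~> 5.0"

  role_name             = "example-vpc-cni-irsa" # placeholder name
  attach_vpc_cni_policy = true
  vpc_cni_enable_ipv4   = true

  oidc_providers = {
    main = {
      provider_arn               = module.eks.oidc_provider_arn
      namespace_service_accounts = ["kube-system:aws-node"]
    }
  }
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0"

  cluster_name = "example-cluster" # placeholder name
  vpc_id       = var.vpc_id
  subnet_ids   = var.subnet_ids
  enable_irsa  = true

  cluster_addons = {
    vpc-cni = {
      # Create the addon before the node groups so pods get networking
      # without the node role carrying the CNI permissions.
      before_compute           = true
      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
    }
  }

  eks_managed_node_group_defaults = {
    # Keep AmazonEKS_CNI_Policy off the node role; the CNI uses the IRSA role above.
    iam_role_attach_cni_policy = false
  }

  eks_managed_node_groups = {
    default = { instance_types = ["t3.medium"], min_size = 1, max_size = 2, desired_size = 1 }
  }
}
```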
Thank you so much for replying. Currently, we have EKS with the IRSA role enabled. I have added this to the role:

```json
{
  "Action": [
    "appsync:GraphQL"
  ],
  "Effect": "Allow",
  "Resource": [
    "arn:aws:appsync:region:account:apis/appsync id"
  ]
}
```

Now, I have created a VPC PrivateLink endpoint. While creating it, an option came up to select a full policy or a custom policy. What should I add in the custom policy, as my organization does not allow me to select Full access?