chore(eks): improve documentation for updating a cluster (#30259)

### Reason for this change In our EKS documentation, we note that you need to add a temporary policy to the cluster admin role for successful replacement when renaming a cluster. The temporary policy we recommend adding to the cluster admin role is: ```ts cluster.adminRole.addToPolicy(new iam.PolicyStatement({ actions: [ 'eks:DeleteCluster', ], resources: [ Stack.of(this).formatArn({ service: 'eks', resource: 'cluster', resourceName: 'foo' }), ] })) ``` Changing the cluster name is an update that requires replacement. This will cause the old cluster to be automatically deleted by CloudFormation upon success. Since this policy doesn't have the `eks:DescribeCluster` action, the delete will fail: <img width="893" alt="image" src="https://github.com/aws/aws-cdk/assets/131073567/bb3cf3ff-3a6d-48f9-b84d-c6d0b8a495a7"> ### Description of changes Added `eks:DescribeCluster` to the actions of the recommended temporary policy. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · May 17, 2024 · 4549cdf · 4549cdf
1 parent 8bac15d
commit 4549cdf
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/packages/aws-cdk-lib/aws-eks/README.md b/packages/aws-cdk-lib/aws-eks/README.md
@@ -400,7 +400,10 @@ const cluster = new eks.Cluster(this, 'cluster-to-rename', {
 
 // allow the cluster admin role to delete the cluster 'foo'
 cluster.adminRole.addToPolicy(new iam.PolicyStatement({
-  actions: ['eks:DeleteCluster'],
+  actions: [
+    'eks:DeleteCluster',
+    'eks:DescribeCluster',
+  ],
   resources: [ 
     Stack.of(this).formatArn({ service: 'eks', resource: 'cluster', resourceName: 'foo' }),
 ]