EKS IAM permissions

[BeyondEvil]

When using EKS Pod Identity (or IRSA) to give ArgoCD access to "outside" clusters, the documentation says to give the IAM role the AmazonEKSClusterAdminPolicy policy.

This policy is very permissive, and I doubt ArgoCD needs all of it.

So, if one wants to follow the principle of least privileges, what permissions does ArgoCD really need?

[FernandoMiguel]

I believe this is a canned policy and that AWS directly maps to cluster admin.
you can create your own policy, cluster role bind, and add whatever k8s permissions you think your argo needs.
but that is going to be a very large list