Grant read only access to eks for the view only policy #98

Merged
zendern merged 2 commits into pulumi-preview from eks-perms
Jan 15, 2026

zendern commented Jan 14, 2026

Why is this change necessary?

The view-only policy does not allow viewing EKS via the console/API.

How does this change address the issue?

Grants read-only access to EKS. Also renames a method to be more generic, since it's not only state-related with this change.

What side effects does this change have?

More permissions granted

How is this change tested?

CI and propagation down to the repo that is using this template

Summary by CodeRabbit

  • New Features

    • Added EKS view-only permissions to list and describe clusters.
  • Refactor

    • Updated policy naming for improved clarity and consistency.

coderabbitai bot commented Jan 14, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Refactored IAM policy factory function by renaming create_read_state_inline_policy to create_inline_view_only_policy across the identity center module. Updated corresponding imports and added EKS cluster read permissions (DescribeCluster, ListClusters) to the generated policy.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Identity Center IAM Policy Refactoring: template/src/aws_central_infrastructure/{% if initial_iac_management_deploy_occurred %}identity_center{% endif %}/lib/__init__.py | Updated public export: renamed imported function from create_read_state_inline_policy to create_inline_view_only_policy |
| Identity Center IAM Policy Refactoring: template/src/aws_central_infrastructure/{% if initial_iac_management_deploy_occurred %}identity_center{% endif %}/lib/lib.py | Renamed function create_read_state_inline_policy() to create_inline_view_only_policy(); added new IAM policy statement granting eks:DescribeCluster and eks:ListClusters permissions on all resources |
| Identity Center IAM Policy Refactoring: template/src/aws_central_infrastructure/{% if initial_iac_management_deploy_occurred %}identity_center{% endif %}/lib/permissions.py | Updated import and usage to reference create_inline_view_only_policy in VIEW_ONLY_PERM_SET_CONTAINER configuration |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly summarizes the main change: granting EKS read-only access to the view-only policy, which matches the primary objective of the changeset. |
| Description check | ✅ Passed | The pull request description covers all major template sections: why the change is necessary, how it addresses the issue, side effects, and testing approach. All required information is present and complete. |

Comment @coderabbitai help to get the list of available commands and usage tips.
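
The walkthrough above says the view-only inline policy gained a statement allowing eks:DescribeCluster and eks:ListClusters on all resources. As an added example (not code from this pull request, the template repository, or CodeRabbit), the check below flags any Allow grant in a policy document that is not an explicit Describe/List/Get action; the policy JSON, the Sid, and the function names are constructed for illustration.

```python
import json

# Lower-cased action-name prefixes treated as read-only (an assumption of this example).
READ_PREFIXES = ("describe", "list", "get")

# Constructed policy document: the actions are the two named in the walkthrough;
# the Sid is invented for illustration.
VIEW_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EksViewOnly",
        "Effect": "Allow",
        "Action": ["eks:DescribeCluster", "eks:ListClusters"],
        "Resource": "*",
    }],
})


def _as_list(value):
    """IAM accepts either a single string or a list for Action."""
    return [value] if isinstance(value, str) else list(value)


def non_read_only_findings(policy_json):
    """Return (sid, action, reason) for each Allow grant that is not provably read-only."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", "<no sid>")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction", "allows everything except the listed actions"))
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if "*" in service or not name:
                findings.append((sid, action, "service wildcard"))
            elif "*" in name or "?" in name:
                # e.g. Describe* would silently pick up API actions added later.
                findings.append((sid, action, "wildcard in action name"))
            elif not name.lower().startswith(READ_PREFIXES):  # action names are case-insensitive
                findings.append((sid, action, "not a Describe/List/Get action"))
    return findings
```

The name prefix is only a heuristic: a Get action such as secretsmanager:GetSecretValue returns sensitive data, so a clean result still needs a per-service review before the permission set is widened.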

ejfine commented Jan 14, 2026

@coderabbitai full review

coderabbitai bot commented Jan 14, 2026

✅ Actions performed

Full review triggered.

@zendern zendern merged commit 87a2fe6 into pulumi-preview Jan 15, 2026
6 checks passed
@ejfine ejfine deleted the eks-perms branch January 26, 2026 16:55