---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: controller-role
rules:
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
  - update
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list
  - patch
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - get
  - patch
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - crd.k8s.amazonaws.com
  resources:
  - eniconfigs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - vpcresources.k8s.aws
  resources:
  - cninodes
  verbs:
  - create
  - get
  - list
  - watch
- apiGroups:
  - vpcresources.k8s.aws
  resources:
  - securitygrouppolicies
  verbs:
  - get
  - list
  - watch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: null
  name: controller-role
  namespace: kube-system
rules:
- apiGroups:
  - apps
  resourceNames:
  - vpc-resource-controller
  resources:
  - deployments
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - amazon-vpc-cni
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch