Access & Permissions

This section defines which AWS IAM permissions Quix requires to operate and maintain your environment.

Quix separates responsibilities into two categories:

Kubernetes Administration – maintaining the Quix platform inside the Kubernetes cluster.
Kubernetes Infrastructure Management – maintaining the underlying AWS infrastructure powering the cluster (optional, customer decides).

1. Permissions for Quix Kubernetes Administration (Recommended Minimum)

These permissions allow Quix engineers to:

Authenticate into your EKS cluster
Access and manage only the Kubernetes workloads required for the Quix platform
No access to additional AWS infrastructure
You, the customer, remain responsible for all AWS-side infrastructure such as VPCs, NAT gateways, node groups, network policies, and IAM roles not related to Quix

IAM Policy Requirements

Attach the following policy to the IAM role you delegate for Quix access (e.g., QuixClusterAdminRole).

Replace the variables:

{{ACCOUNT_ID}}
{{REGION}}
{{CLUSTER_NAME}}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListEKSClusters",
      "Effect": "Allow",
      "Action": "eks:ListClusters",
      "Resource": "*"
    },
    {
      "Sid": "DescribeSpecificCluster",
      "Effect": "Allow",
      "Action": "eks:DescribeCluster",
      "Resource": "arn:aws:eks:{{REGION}}:{{ACCOUNT_ID}}:cluster/{{CLUSTER_NAME}}"
    },
    {
      "Sid": "AccessKubernetesApiOnThisCluster",
      "Effect": "Allow",
      "Action": "eks:AccessKubernetesApi",
      "Resource": "arn:aws:eks:{{REGION}}:{{ACCOUNT_ID}}:cluster/{{CLUSTER_NAME}}"
    }
  ]
}

Access & Permissions

1. Permissions for Quix Kubernetes Administration (Recommended Minimum)

IAM Policy Requirements

Kubernetes RBAC Mapping