Add latest changes from gitlab-org/gitlab@master

1 files changed, 47 insertions, 0 deletions

diff --git a/doc/user/infrastructure/clusters/connect/new_eks_cluster.md b/doc/user/infrastructure/clusters/connect/new_eks_cluster.md
index 8a5c32150c9..cefa8885bfe 100644
--- a/doc/user/infrastructure/clusters/connect/new_eks_cluster.md
+++ b/doc/user/infrastructure/clusters/connect/new_eks_cluster.md
@@ -60,6 +60,53 @@ To create a GitLab agent for Kubernetes:
 1. GitLab generates a registration token for the agent. Securely store this secret token, as you will need it later.
 1. GitLab provides an address for the agent server (KAS), which you will also need later.
 
+## Set up AWS credentials
+
+Set up your AWS credentials when you want to authenticate AWS with GitLab.
+
+1. Create an [IAM User](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html) or [IAM Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html).
+1. Make sure that your IAM user or role has the appropriate permissions for your project. For this example project, you must have the permissions shown below. You can expand this when you set up your own project.
+
+    ```json
+    // IAM custom Policy definition
+    {
+      "Version": "2012-10-17",
+      "Statement": [
+          {
+              "Sid": "VisualEditor0",
+              "Effect": "Allow",
+              "Action": [
+                  "ec2:*",
+                  "eks:*",
+                  "elasticloadbalancing:*",
+                  "autoscaling:*",
+                  "cloudwatch:*",
+                  "logs:*",
+                  "kms:DescribeKey",
+                  "iam:AddRoleToInstanceProfile",
+                  "iam:AttachRolePolicy",
+                  "iam:CreateInstanceProfile",
+                  "iam:CreateRole",
+                  "iam:CreateServiceLinkedRole",
+                  "iam:GetRole",
+                  "iam:ListAttachedRolePolicies",
+                  "iam:ListRolePolicies",
+                  "iam:ListRoles",
+                  "iam:PassRole",
+                  // required for destroy step
+                  "iam:DetachRolePolicy",
+                  "iam:ListInstanceProfilesForRole",
+                  "iam:DeleteRole"
+              ],
+              "Resource": "*"
+          }
+      ]
+    }
+    ```
+
+1. [Create an access key for the user or role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).
+1. Save your access key and secret. You need these to authenticate AWS with GitLab.
+
 ## Configure your project
 
 Use CI/CD environment variables to configure your project.