Allow override policy documents to Velero #468

@zamir0109

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

What is the outcome that you are trying to reach?

Policy documents for Velero cannot be overwritten.

In my specific use case, I just want Velero to have access to the S3 bucket but not to the EC2 backup stuff.

According to the Terraform IAM policy data resource, statements without a SID cannot be overridden, which is the case for the statements defined here.

I tried setting the following values, but it didn't work at all:

  • velero.source_policy_documents
  • velero.override_policy_documents
  • velero.policy_statements

Describe the solution you would like

The policy's statements should have a SID so they can be overwritten.

Describe alternatives you have considered

Another workaround could be to add flags to specify whether or not to allow Velero to access EC2 and S3 services separately.
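
How SID-based overriding works in the `aws_iam_policy_document` data source, shown as an added example that is not part of the issue and not the module's own code. The data source names, SIDs, action lists and bucket name are constructed for illustration.

```hcl
# Constructed stand-in for a module-defined Velero policy (not the module's code).
# Every statement carries a sid, which is what makes it overridable.
data "aws_iam_policy_document" "velero_base" {
  statement {
    sid = "VeleroEC2"
    actions = [
      "ec2:DescribeVolumes",
      "ec2:DescribeSnapshots",
      "ec2:CreateTags",
      "ec2:CreateVolume",
      "ec2:CreateSnapshot",
      "ec2:DeleteSnapshot",
    ]
    resources = ["*"]
  }
  statement {
    sid       = "VeleroS3Objects"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::example-velero-bucket/*"]
  }
  statement {
    sid       = "VeleroS3Bucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-velero-bucket"]
  }
}

# Caller-supplied override. A statement whose sid matches one in the base
# document replaces it; an override cannot delete a statement, so the EC2
# grant is replaced with a Deny. Statements without a sid are only appended.
data "aws_iam_policy_document" "s3_only" {
  statement {
    sid       = "VeleroEC2"
    effect    = "Deny"
    actions   = ["ec2:*"]
    resources = ["*"]
  }
}

data "aws_iam_policy_document" "velero_effective" {
  source_policy_documents   = [data.aws_iam_policy_document.velero_base.json]
  override_policy_documents = [data.aws_iam_policy_document.s3_only.json]
}

# Rendered JSON: VeleroEC2 is now the Deny; both S3 statements are unchanged.
output "velero_policy_json" {
  value = data.aws_iam_policy_document.velero_effective.json
}
```

An explicit Deny also blocks EC2 access granted by any other policy attached to the same role, so replacing the statement with a narrowed Allow is the alternative when that is not wanted.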
