What feature/behavior/change do you want?
eksctl by default creates a cluster IAM role which contains two custom inline IAM policies: "eksctl-xxx-cluster-PolicyCloudWatchMetrics", which allows "cloudwatch:PutMetricData", and "eksctl-xxx-cluster-PolicyELBPermissions", which allows three EC2 API calls, "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses" and "ec2:DescribeInternetGateways".
These IAM policies are no longer needed.
Why do you want this feature?
eksctl already attaches the AWS managed IAM policy AmazonEKSClusterPolicy, which contains all permissions from the custom inline policy "eksctl-xxx-cluster-PolicyELBPermissions". So we can safely remove "eksctl-xxx-cluster-PolicyELBPermissions".
The "eksctl-xxx-cluster-PolicyCloudWatchMetrics" custom inline policy was introduced to solve issue CloudWatch Metrics for AWS CNI plugin #278. Pushing CNI metrics to CloudWatch is part of the worker node's responsibility and has nothing to do with the control plane and the EKS cluster policy. Following least privilege, AWS recommends using IAM roles for service accounts (IRSA), which is possible for the AWS VPC CNI as well. So there is no need even to put this policy on the worker nodes; it should instead be part of the AWS VPC CNI IRSA role. So we can drop "eksctl-xxx-cluster-PolicyCloudWatchMetrics" as well.
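One way to verify the redundancy claim above before removing an inline policy is to compare the actions each inline policy grants against the managed policy attached to the same role. The script below is an added example, not eksctl's code: the managed-policy document is a constructed excerpt modelled on AmazonEKSClusterPolicy (not an authoritative copy), and the two inline documents are reconstructed from the actions named in this issue. It handles IAM action wildcards (`*`, `?`) and case-insensitive action names, and it deliberately skips statements with Conditions, NotAction or a scoped Resource so that overlap is not overstated.

```python
import fnmatch

# Constructed excerpt modelled on the AWS-managed AmazonEKSClusterPolicy.
# It exists to exercise the check; it is not an authoritative copy of the policy.
MANAGED_POLICY_EXCERPT = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "elasticloadbalancing:*",
            ],
            "Resource": "*",
        }
    ],
}

# The two inline policies named in the issue, reconstructed from its description.
INLINE_POLICIES = {
    "eksctl-xxx-cluster-PolicyELBPermissions": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DescribeInternetGateways",
            ],
            "Resource": "*",
        }],
    },
    "eksctl-xxx-cluster-PolicyCloudWatchMetrics": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "cloudwatch:PutMetricData",
            "Resource": "*",
        }],
    },
}


def allow_patterns(policy):
    """Collect the Action entries of every unconditional, unscoped Allow statement.

    Statements carrying a Condition, a NotAction or a Resource other than "*"
    grant less than their Action list suggests, so they are skipped rather than
    counted as covering another policy's actions.
    """
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):          # IAM allows a single statement object
        stmts = [stmts]
    patterns = set()
    for stmt in stmts:
        if stmt.get("Effect") != "Allow" or "NotAction" in stmt or "Condition" in stmt:
            continue
        if stmt.get("Resource") != "*":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):     # "Action" may be a string or a list
            actions = [actions]
        patterns.update(actions)
    return patterns


def action_covered(action, patterns):
    """True if `action` matches any pattern. IAM wildcards are * and ?, and
    action names are matched case-insensitively."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def uncovered_actions(inline_policy, managed_policy):
    """Actions the inline policy grants that the managed policy does not."""
    managed = allow_patterns(managed_policy)
    return sorted(a for a in allow_patterns(inline_policy)
                  if not action_covered(a, managed))


def redundant_policies(inline_policies, managed_policy):
    """Names of inline policies whose every action the managed policy already grants."""
    return sorted(name for name, doc in inline_policies.items()
                  if not uncovered_actions(doc, managed_policy))


if __name__ == "__main__":
    for name, doc in INLINE_POLICIES.items():
        extra = uncovered_actions(doc, MANAGED_POLICY_EXCERPT)
        status = "redundant" if not extra else f"still grants {extra}"
        print(f"{name}: {status}")
```

Run against real documents, the managed policy would come from `iam get-policy-version` and the inline ones from `iam get-role-policy`; with the constructed excerpt the ELB policy is reported redundant and the CloudWatch policy is reported as the only source of `cloudwatch:PutMetricData`, which is exactly the permission the issue proposes moving to the VPC CNI's IRSA role.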