Merge pull request #24 from kabisa/feat/iam-permissions

Update IAM policy
kabisa · Jan 5, 2024 · e4e6388 · e4e6388
2 parents 7c1639b + 7c6b48e
commit e4e6388
Showing 1 changed file with 31 additions and 7 deletions.
diff --git a/policy.tf b/policy.tf
@@ -1,9 +1,3 @@
-# Generated based on: https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/docs/install/iam_policy.json
-# Commit version:     https://github.com/kubernetes-sigs/aws-load-balancer-controller/commit/cc59a8c6bd521f2e334b81cb0132652fbb3f5d9d
-# Tool used:          https://github.com/flosell/iam-policy-json-to-terraform
-# Matches chart:      version: 1.4.1
-#                     appVersion: v2.4.1
-
 
 data "aws_iam_policy_document" "policy" {
   statement {
@@ -230,6 +224,36 @@ data "aws_iam_policy_document" "policy" {
     ]
   }
 
+  statement {
+    sid    = ""
+    effect = "Allow"
+
+    resources = [
+      "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+      "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+      "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+    ]
+
+    actions = [
+      "elasticloadbalancing:AddTags",
+    ]
+
+    condition {
+      test     = "StringEquals"
+      variable = "elasticloadbalancing:CreateAction"
+      values = [
+        "CreateTargetGroup",
+        "CreateLoadBalancer"
+      ]
+    }
+
+    condition {
+      test     = "Null"
+      variable = "aws:ResourceTag/elbv2.k8s.aws/cluster"
+      values   = ["false"]
+    }
+  }
+
   statement {
     sid       = ""
     effect    = "Allow"
@@ -277,4 +301,4 @@ data "aws_iam_policy_document" "policy" {
       "elasticloadbalancing:ModifyRule",
     ]
   }
-}
+}