Merge pull request #33 from quantosobra/master

Update IAM policy template
DNXLabs · Sep 27, 2023 · 148620d · 148620d
2 parents f29ab0d + 470bcc2
commit 148620d
Showing 1 changed file with 34 additions and 1 deletion.
diff --git a/iam.tf b/iam.tf
@@ -272,6 +272,39 @@ data "aws_iam_policy_document" "lb_controller" {
     effect = "Allow"
   }
 
+  statement {
+    actions = [
+      "elasticloadbalancing:AddTags"
+    ]
+
+    resources = [
+      "arn:${var.arn_format}:elasticloadbalancing:*:*:targetgroup/*/*",
+      "arn:${var.arn_format}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+      "arn:${var.arn_format}:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+    ]
+
+    condition {
+      test     = "StringEquals"
+      variable = "elasticloadbalancing:CreateAction"
+
+      values = [
+        "CreateTargetGroup",
+        "CreateLoadBalancer"
+      ]
+    }
+
+    condition {
+      test     = "Null"
+      variable = "aws:RequestTag/elbv2.k8s.aws/cluster"
+
+      values = [
+        "false"
+      ]
+    }
+
+    effect = "Allow"
+  }
+
   statement {
     actions = [
       "elasticloadbalancing:ModifyLoadBalancerAttributes",
@@ -372,4 +405,4 @@ resource "aws_iam_role_policy_attachment" "lb_controller" {
   count      = var.enabled ? 1 : 0
   role       = aws_iam_role.lb_controller[0].name
   policy_arn = aws_iam_policy.lb_controller[0].arn
-}
+}