feat: Update AWS load balancer controller IAM policy to align with latest policy provided by the LBC project #229

Merged
merged 2 commits into from
Aug 15, 2023

@bryantbiggs bryantbiggs commented Aug 15, 2023

What does this PR do?

  • Update AWS load balancer controller IAM policy to align with latest policy provided by the LBC project
  • Update AWS load balancer controller chart to latest version

Motivation

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Yes, I ran pre-commit run -a with this PR

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

@bryantbiggs bryantbiggs requested a review from a team as a code owner August 15, 2023 14:33
@askulkarni2 askulkarni2 left a comment

Should we bump the lbc version while we are at it?

@dwgillies-bluescape
I don't think this will actually fix the problem flagged by the AWS automatic scanner.

  • elasticloadbalancing:CreateLoadBalancer

can be performed on any resource.

  • elasticloadbalancing:AddTags

can only be performed on a select set of resources. According to the email I got, it must be performable on any resource that CreateLoadBalancer can affect, to satisfy the scanner. If the CreateLoadBalancer and AddTags operations only happen to operate on the same resources, then that's good, but they probably should match to avoid problems down the road if the scope of CreateLoadBalancer ever grows or the scope of AddTags ever shrinks. They should probably be merged into a single policy Statement for safety down the road.
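
Added example (not part of the comment above, the PR, or the LBC project): a small Python check for the scope mismatch the comment describes, comparing the `Resource` patterns a policy allows for a create action against those it allows for the matching tag action. The sample policy is constructed to mirror the comment's description, the helper names are hypothetical, and `Condition` blocks are ignored.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy for illustration; NOT the LBC project's policy.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["elasticloadbalancing:CreateLoadBalancer"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["elasticloadbalancing:AddTags"],
     "Resource": ["arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
                  "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*"]}
  ]
}
""")

def as_list(value):
    """IAM accepts a bare string (or single statement) where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def allowed_resources(policy, action):
    """Resource patterns of every Allow statement whose Action matches `action`."""
    found = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        # Action names are case-insensitive and may contain wildcards.
        if any(fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt["Action"])):
            found.update(as_list(stmt.get("Resource", [])))
    return found

def uncovered(policy, create_action, tag_action):
    """Create-scope patterns that no tag-scope pattern covers.

    Approximation: a tag pattern covers a create pattern when it glob-matches
    the create pattern's text (sound for '*' wildcards only).
    """
    tag_scope = allowed_resources(policy, tag_action)
    return sorted(c for c in allowed_resources(policy, create_action)
                  if not any(fnmatchcase(c, t) for t in tag_scope))

if __name__ == "__main__":
    print(uncovered(SAMPLE_POLICY, "elasticloadbalancing:CreateLoadBalancer",
                    "elasticloadbalancing:AddTags"))
```

An empty list means every resource pattern granted for the create action is also granted for the tag action; placing both actions in one statement gives that result by construction.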

@bryantbiggs
The policy here matches the policy specified by the AWS load balancer controller project
