fix: Update ExternalDNS IRSA policy to work properly with multiple Ro…

…ute53 hosted zones (#1474)
aws-ia · Mar 15, 2023 · 5ac283c · 5ac283c
1 parent 257e021
commit 5ac283c
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/modules/kubernetes-addons/external-dns/data.tf b/modules/kubernetes-addons/external-dns/data.tf
@@ -5,15 +5,15 @@ data "aws_iam_policy_document" "external_dns_iam_policy_document" {
       [data.aws_route53_zone.selected.arn],
       var.route53_zone_arns
     ))
-    actions = [
-      "route53:ChangeResourceRecordSets",
-      "route53:ListResourceRecordSets",
-    ]
+    actions = ["route53:ChangeResourceRecordSets"]
   }
 
   statement {
     effect    = "Allow"
     resources = ["*"]
-    actions   = ["route53:ListHostedZones"]
+    actions   = [
+      "route53:ListHostedZones",
+      "route53:ListResourceRecordSets",
+    ]
   }
 }