aws-load-balancer-controller not authorized to addTags on Target groups #1683
Comments
|
duplicate of aws-ia/terraform-aws-eks-blueprints-addons#200 |
|
Hi @bryantbiggs , Statement seems to be missing in https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/v4.32.1/modules/kubernetes-addons/aws-load-balancer-controller/data.tf |
|
no - |
|
Are you talking about v5 or it applies also to v4? |
|
v4 is no longer supported so this is in reference to v5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Hey, Seems like AWS made an API change on the requirement of explicit elasticloadbalancing:AddTags permission for creating resources, and potentially affect new AWS accounts. As described here
It can be easily fixed by applying the new iam-policy.json template provided here
Versions
Module version [4.31]:
Terraform version: 1.52
Provider version(s): AWS - 4.61
EKS version: 1.24
Reproduction Code [Required]
simply:
module "kubernetes_addons" {
source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.28.0/modules/kubernetes-addons"
eks_cluster_id = var.eks_cluster_name
eks_cluster_endpoint = var.eks_cluster_endpoint
eks_oidc_provider = var.eks_oidc_provider
eks_cluster_version = var.eks_cluster_version
enable_aws_load_balancer_controller = var.enable_aws_load_balancer_controller
}
Expected behaviour
aws-load-balancer-controller should detect ingress resources and expose a load balancer according to the configuration
Actual behaviour
failed to reconcile due to policy issues mentioned
I know for a fact that not all AWS accounts are impacted by this, but for some reason new accounts do.
Thanks!
The text was updated successfully, but these errors were encountered: