From 1232351e2f5be7ca5453930d90e5c9961363ae03 Mon Sep 17 00:00:00 2001
From: hendryanw
Date: Wed, 21 Jun 2023 15:45:17 +0700
Subject: [PATCH] Update AWS Load Balancer Controller Addon IAM Policy to fix permission issue during ALB ingress creation.
---
 .../aws-loadbalancer-controller/iam-policy.ts | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/lib/addons/aws-loadbalancer-controller/iam-policy.ts b/lib/addons/aws-loadbalancer-controller/iam-policy.ts
index 7980b1895..3e91b1fe6 100644
--- a/lib/addons/aws-loadbalancer-controller/iam-policy.ts
+++ b/lib/addons/aws-loadbalancer-controller/iam-policy.ts
@@ -195,6 +195,28 @@ export const AwsLoadbalancerControllerIamPolicy = (partition: string) => {
 }
 }
 },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags"
+ ],
+ "Resource": [
+ `arn:${partition}:elasticloadbalancing:*:*:targetgroup/*/*`,
+ `arn:${partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*`,
+ `arn:${partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*`
+ ],
+ "Condition": {
+ "StringEquals": {
+ "elasticloadbalancing:CreateAction": [
+ "CreateTargetGroup",
+ "CreateLoadBalancer"
+ ]
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
 {
 "Effect": "Allow",
 "Action": [
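Review bot: The `Null` condition on `aws:RequestTag/elbv2.k8s.aws/cluster` in the added statement only requires that the create request carries the cluster tag key; it does not pin the tag's value, and the three resource ARNs are wildcarded over region and account. The grant is therefore scoped to "tagging during CreateTargetGroup/CreateLoadBalancer with some cluster tag", not to this cluster's resources. Since the function receives only `partition`, tighter scoping is probably not possible here, so I would record the boundary above the statement: `// AddTags is allowed only as part of CreateTargetGroup/CreateLoadBalancer; the Null check requires the elbv2.k8s.aws/cluster tag key but does not constrain its value.` It would also help to name the controller version this statement tracks, so the policy can be compared against the upstream one later. The enclosing policy function starts and ends outside this hunk, so how this interacts with the other AddTags statements could not be checked from here.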