giantswarm · mcharriere · Jul 20, 2023 · Jul 20, 2023 · Jul 20, 2023 · Jul 20, 2023
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Update IAM policy for AWS LoadBalancer Controller.
+
 ## [14.19.0] - 2023-07-14
 
 ### Added

@@ -352,6 +352,20 @@ const TemplateMainIAMPolicies = `
             Condition:
               'Null':
                 'aws:ResourceTag/elbv2.k8s.aws/cluster': 'false'
+          - Effect: Allow
+            Action:
+              - 'elasticloadbalancing:AddTags'
+            Resource:
+              - "arn:{{ .IAMPolicies.RegionARN }}:elasticloadbalancing:*:*:targetgroup/*/*",
+              - "arn:{{ .IAMPolicies.RegionARN }}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+              - "arn:{{ .IAMPolicies.RegionARN }}:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+            Condition:
+              StringEquals:
+                'elasticloadbalancing:CreateAction':
+                  - CreateTargetGroup
+                  - CreateLoadBalancer
+              Null:
+                'aws:RequestTag/elbv2.k8s.aws/cluster': 'false'
           - Effect: Allow
             Action:
               - 'elasticloadbalancing:RegisterTargets'