From 9333126df4f59554fae672a6511d5ae3fbee3171 Mon Sep 17 00:00:00 2001
From: Jeffrey Nelson <jdnelson@amazon.com>
Date: Wed, 22 Feb 2023 20:31:06 -0600
Subject: [PATCH] update recommended IAM policy template (#3068)

---
 docs/install/iam_policy.json        | 22 ++++++++++++++++++++++
 docs/install/iam_policy_cn.json     | 22 ++++++++++++++++++++++
 docs/install/iam_policy_us-gov.json | 22 ++++++++++++++++++++++
 3 files changed, 66 insertions(+)

diff --git a/docs/install/iam_policy.json b/docs/install/iam_policy.json
index a8d47c8ba..7944f2a12 100644
--- a/docs/install/iam_policy.json
+++ b/docs/install/iam_policy.json
@@ -196,6 +196,28 @@
                 }
             }
         },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:AddTags"
+            ],
+            "Resource": [
+                "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+                "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+                "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+            ],
+            "Condition": {
+                "StringEquals": {
+                    "elasticloadbalancing:CreateAction": [
+                        "CreateTargetGroup",
+                        "CreateLoadBalancer"
+                    ]
+                },
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
         {
             "Effect": "Allow",
             "Action": [
diff --git a/docs/install/iam_policy_cn.json b/docs/install/iam_policy_cn.json
index f545a2a35..a0d5edd5c 100644
--- a/docs/install/iam_policy_cn.json
+++ b/docs/install/iam_policy_cn.json
@@ -177,6 +177,28 @@
                 "arn:aws-cn:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
             ]
         },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:AddTags"
+            ],
+            "Resource": [
+                "arn:aws-cn:elasticloadbalancing:*:*:targetgroup/*/*",
+                "arn:aws-cn:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+                "arn:aws-cn:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+            ],
+            "Condition": {
+                "StringEquals": {
+                    "elasticloadbalancing:CreateAction": [
+                        "CreateTargetGroup",
+                        "CreateLoadBalancer"
+                    ]
+                },
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
         {
             "Effect": "Allow",
             "Action": [
diff --git a/docs/install/iam_policy_us-gov.json b/docs/install/iam_policy_us-gov.json
index f6acb4ead..85a4ba214 100644
--- a/docs/install/iam_policy_us-gov.json
+++ b/docs/install/iam_policy_us-gov.json
@@ -177,6 +177,28 @@
                 "arn:aws-us-gov:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
             ]
         },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:AddTags"
+            ],
+            "Resource": [
+                "arn:aws-us-gov:elasticloadbalancing:*:*:targetgroup/*/*",
+                "arn:aws-us-gov:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+                "arn:aws-us-gov:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+            ],
+            "Condition": {
+                "StringEquals": {
+                    "elasticloadbalancing:CreateAction": [
+                        "CreateTargetGroup",
+                        "CreateLoadBalancer"
+                    ]
+                },
+                "Null": {
+                    "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
         {
             "Effect": "Allow",
             "Action": [