From fe37da1405a5d0e7ceb93692cfe8e92e1fdc1991 Mon Sep 17 00:00:00 2001
From: Yisheng Cai
Date: Mon, 10 Jul 2023 12:56:48 +0800
Subject: [PATCH] Fix aws lb iam policy
---
 .../aws_lb_controller_iam_policy.json.tpl | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/modules/aws/files/aws_lb_controller_iam_policy.json.tpl b/modules/aws/files/aws_lb_controller_iam_policy.json.tpl
index e5c07c1..d63c42d 100644
--- a/modules/aws/files/aws_lb_controller_iam_policy.json.tpl
+++ b/modules/aws/files/aws_lb_controller_iam_policy.json.tpl
@@ -204,6 +204,28 @@
 }
 }
 },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags"
+ ],
+ "Resource": [
+ "arn:${partition}:elasticloadbalancing:*:*:targetgroup/*/*",
+ "arn:${partition}:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:${partition}:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "elasticloadbalancing:CreateAction": [
+ "CreateTargetGroup",
+ "CreateLoadBalancer"
+ ]
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
 {
 "Effect": "Allow",
 "Action": [
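Review bot: The new `elasticloadbalancing:AddTags` statement only requires that the `elbv2.k8s.aws/cluster` tag key be present in the create request (the `Null` condition with `"aws:RequestTag/elbv2.k8s.aws/cluster": "false"`), not that its value name this cluster. In an account hosting several clusters, the role could therefore tag new load balancers and target groups as belonging to a different cluster, which weakens any tag-based separation between controllers. If the template is rendered per cluster, consider pinning the value in the existing `StringEquals` block, e.g. `"aws:RequestTag/elbv2.k8s.aws/cluster": "${CLUSTER_NAME_PLACEHOLDER}"` (a placeholder; no such template variable is visible in this hunk). The `Resource` ARNs also leave region and account as `*:*`, and narrowing them would need variables beyond the `${partition}` shown here. Because the policy file cannot carry comments, the commit message is the place to record which controller release this statement was taken from.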