iam-role-for-service-accounts-eks has invalid policy for new aws accounts when attach_load_balancer_controller_policy = true #339

Closed
Apollorion opened this issue Feb 10, 2023 · 8 comments · Fixed by #358

Comments

@Apollorion

The following two issues are also affecting the policy stored in Terraform on this repo:

kubernetes-sigs/aws-load-balancer-controller#2692
kubernetes-sigs/aws-load-balancer-controller#3046

Basically, the 2 conditions here are wrong.

@Apollorion changed the title from "iam-role-for-service-accounts-eks has invalid policy for new aws accounts when ttach_load_balancer_controller_policy = true" to "iam-role-for-service-accounts-eks has invalid policy for new aws accounts when attach_load_balancer_controller_policy = true" on Feb 10, 2023

@bryantbiggs
Member

I am sorry but I am not following - can you please provide the information requested in the issue template

@Apollorion
Author

Apollorion commented Feb 10, 2023

kubernetes-sigs/aws-load-balancer-controller#3046

They are updating the documented load balancer controller IAM policy, which this repo replicates (it's even linked here). I'm just doing you a courtesy of letting you know. You guys need to update your policy in modules/iam-role-for-service-accounts-eks/policies.tf to match the recommendation of the upstream policy.

To be clear, that PR isn't merged yet, so it could change. But its current state is incorrect (as well as the one hosted in this repository). So it will change, it's just a matter of when.

@bryantbiggs
Member

ahhh, ok! Now that makes sense - got it! Thank you, I've subscribed to those linked issue/PR

@Apollorion
Author

Just a heads up, they've merged the policy change kubernetes-sigs/aws-load-balancer-controller#3046

@github-actions

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@michelzanini
Contributor

Hi, they have merged the permissions and I have a PR to update them here. Please have a look. Thanks.

@antonbabenko
Member

This issue has been resolved in version 5.16.0 🎉

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 27, 2023