Merge pull request #31 from ranikamadurawe/main-fix

Update IAM policy to fix bug in IAM Policy in EKS LB
wso2 · Aug 9, 2023 · c3c57d6 · c3c57d6
2 parents ba4861d + 9efae83
commit c3c57d6
Showing 1 changed file with 24 additions and 2 deletions.
diff --git a/modules/aws/EKS-Cluster/iam_role.tf b/modules/aws/EKS-Cluster/iam_role.tf
@@ -313,8 +313,30 @@ resource "aws_iam_policy" "cluster_loadbalancer_policy" {
         }
       },
       {
-        Effect : "Allow",
-        Action : [
+        "Effect" : "Allow",
+        "Action" : [
+          "elasticloadbalancing:AddTags"
+        ],
+        "Resource" : [
+          "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+          "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+          "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+        ],
+        "Condition" : {
+          "StringEquals" : {
+            "elasticloadbalancing:CreateAction" : [
+              "CreateTargetGroup",
+              "CreateLoadBalancer"
+            ]
+          },
+          "Null" : {
+            "aws:RequestTag/elbv2.k8s.aws/cluster" : "false"
+          }
+        }
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : [
           "elasticloadbalancing:RegisterTargets",
           "elasticloadbalancing:DeregisterTargets"
         ],