diff --git a/main.tf b/main.tf
index 2dffeea..ae0373b 100644
--- a/main.tf
+++ b/main.tf
@@ -83,14 +83,16 @@ resource "aws_iam_policy" "this" {
 path = local.aws_iam_path_prefix
 # We use a heredoc for the policy JSON so that we can more easily diff and
 # copy/paste from upstream. Ignore whitespace when you diff to more easily see the changes!
- # Source: `curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.3.1/docs/install/iam_policy.json`
+ # Source: `curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.6.1/docs/install/iam_policy.json`
 policy = <<-POLICY
 {
 "Version": "2012-10-17",
 "Statement": [
 {
 "Effect": "Allow",
- "Action": "iam:CreateServiceLinkedRole",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
 "Resource": "*",
 "Condition": {
 "StringEquals": {
@@ -281,6 +283,28 @@ resource "aws_iam_policy" "this" {
 }
 }
 },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags"
+ ],
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "elasticloadbalancing:CreateAction": [
+ "CreateTargetGroup",
+ "CreateLoadBalancer"
+ ]
+ },
+ "Null": {
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
 {
 "Effect": "Allow",
 "Action": [
diff --git a/variables.tf b/variables.tf
index 4e9495d..002dcd2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -67,7 +67,7 @@ variable "aws_tags" {
 variable "aws_load_balancer_controller_chart_version" {
 description = "The AWS Load Balancer Controller version to use. See https://github.com/aws/eks-charts/releases/ and https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases for available versions"
 type = string
- default = "1.3.3"
+ default = "2.6.1"
 }
 variable "alb_controller_depends_on" {
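Review bot: In the new `elasticloadbalancing:AddTags` statement (second hunk of main.tf), the `Null` condition on `aws:RequestTag/elbv2.k8s.aws/cluster` only requires that the tag key is present in the request; it does not bind the value to this cluster. That mirrors the upstream file, but where several clusters share one account it means the permission is not limited to resources tagged for this cluster. If the module has the cluster name available, consider also adding `"aws:RequestTag/elbv2.k8s.aws/cluster": "<CLUSTER_NAME_PLACEHOLDER>"` under `StringEquals`, accepting that the heredoc will then no longer diff cleanly against upstream. The enclosing `aws_iam_policy` resource starts and ends outside the hunk, so the other statements could not be checked for the same pattern.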
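Review bot: The new default `"2.6.1"` for `aws_load_balancer_controller_chart_version` (variables.tf) looks like the controller release number rather than a chart version: the previous default `1.3.3` sat alongside policy `v2.3.1`, which suggests the eks-charts chart follows its own 1.x numbering. If this variable is passed to the Helm release as the chart version (its use is outside the hunk), an install relying on the default may fail to resolve the chart, or end up running a controller that does not match the IAM policy pinned in main.tf. Please confirm on the eks-charts releases page which chart version ships controller v2.6.1 and use that value, and consider rewording the description to `The AWS Load Balancer Controller Helm chart version to use.` so the two version schemes are not conflated.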