@@ -17,7 +17,6 @@ data "aws_iam_policy_document" "aws_gateway_controller" {
17
17
}
18
18
}
19
19
20
-
21
20
resource "aws_iam_policy" "aws_gateway_controller" {
22
21
count = var. create_role && var. attach_aws_gateway_controller_policy ? 1 : 0
23
22
@@ -859,6 +858,7 @@ data "aws_iam_policy_document" "load_balancer_controller" {
859
858
" ec2:DescribeCoipPools" ,
860
859
" ec2:GetSecurityGroupsForVpc" ,
861
860
" ec2:DescribeIpamPools" ,
861
+ " ec2:DescribeRouteTables" ,
862
862
" elasticloadbalancing:DescribeLoadBalancers" ,
863
863
" elasticloadbalancing:DescribeLoadBalancerAttributes" ,
864
864
" elasticloadbalancing:DescribeListeners" ,
@@ -903,6 +903,12 @@ data "aws_iam_policy_document" "load_balancer_controller" {
903
903
actions = [
904
904
" ec2:AuthorizeSecurityGroupIngress" ,
905
905
" ec2:RevokeSecurityGroupIngress" ,
906
+ ]
907
+ resources = [" *" ]
908
+ }
909
+
910
+ statement {
911
+ actions = [
906
912
" ec2:CreateSecurityGroup" ,
907
913
]
908
914
resources = [" *" ]
@@ -962,7 +968,6 @@ data "aws_iam_policy_document" "load_balancer_controller" {
962
968
963
969
statement {
964
970
actions = [
965
- " elasticloadbalancing:AddTags" ,
966
971
" elasticloadbalancing:CreateLoadBalancer" ,
967
972
" elasticloadbalancing:CreateTargetGroup" ,
968
973
]
@@ -977,7 +982,6 @@ data "aws_iam_policy_document" "load_balancer_controller" {
977
982
978
983
statement {
979
984
actions = [
980
- " elasticloadbalancing:AddTags" ,
981
985
" elasticloadbalancing:CreateListener" ,
982
986
" elasticloadbalancing:DeleteListener" ,
983
987
" elasticloadbalancing:CreateRule" ,
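Review bot: The statement split out in the third hunk (new lines 903–908) grants `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` on `resources = ["*"]` and closes without a `condition` block, so as written the role can edit ingress rules on any security group in the account, not only those the controller manages. If that breadth is required (presumably so the controller can add rules to node security groups it did not create), record it above the statement, e.g. `# Unconditioned on purpose: the controller edits ingress on security groups it does not own; keep this statement to these two actions only.` Otherwise add a tag-based `condition` or narrow `resources` to security-group ARNs. The `statement {` line that opens this block sits just above the hunk, so whether the original combined statement carried a condition before the split cannot be seen here.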