feat: Update AWS Load Balancer controller policy to match v2.13 of the upstream project (#573)

Signed-off-by: Bryant Biggs <[email protected]>
Co-authored-by: Bryant Biggs <[email protected]>

Author: RafiGreenberg

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.99.0
+    rev: v1.99.1
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

modules/iam-role-for-service-accounts-eks/policies.tf

@@ -17,7 +17,6 @@ data "aws_iam_policy_document" "aws_gateway_controller" {
   }
 }
 
-
 resource "aws_iam_policy" "aws_gateway_controller" {
   count = var.create_role && var.attach_aws_gateway_controller_policy ? 1 : 0
 
@@ -859,6 +858,7 @@ data "aws_iam_policy_document" "load_balancer_controller" {
       "ec2:DescribeCoipPools",
       "ec2:GetSecurityGroupsForVpc",
       "ec2:DescribeIpamPools",
+      "ec2:DescribeRouteTables",
       "elasticloadbalancing:DescribeLoadBalancers",
       "elasticloadbalancing:DescribeLoadBalancerAttributes",
       "elasticloadbalancing:DescribeListeners",
@@ -903,6 +903,12 @@ data "aws_iam_policy_document" "load_balancer_controller" {
     actions = [
       "ec2:AuthorizeSecurityGroupIngress",
       "ec2:RevokeSecurityGroupIngress",
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    actions = [
       "ec2:CreateSecurityGroup",
     ]
     resources = ["*"]
@@ -962,7 +968,6 @@ data "aws_iam_policy_document" "load_balancer_controller" {
 
   statement {
     actions = [
-      "elasticloadbalancing:AddTags",
       "elasticloadbalancing:CreateLoadBalancer",
       "elasticloadbalancing:CreateTargetGroup",
     ]
@@ -977,7 +982,6 @@ data "aws_iam_policy_document" "load_balancer_controller" {
 
   statement {
     actions = [
-      "elasticloadbalancing:AddTags",
       "elasticloadbalancing:CreateListener",
       "elasticloadbalancing:DeleteListener",
       "elasticloadbalancing:CreateRule",