Update alb controller policy (#22)

* Update alb controller policy * 1.1.1
oxheadalpha · Jan 13, 2023 · 30cf8d7 · 30cf8d7
1 parent 223e69b
commit 30cf8d7
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/aws/components/AlbIngressController.ts b/aws/components/AlbIngressController.ts
@@ -129,6 +129,7 @@ export default class AlbIngressController extends pulumi.ComponentResource {
     this.registerOutputs()
   }
 
+  // https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/a92e689dfe464f5b24784f398947e0fef31dc470/docs/install/iam_policy.json
   private createPolicy() {
     return new aws.iam.Policy(
       "alb-ingress-controller",
@@ -138,15 +139,25 @@ export default class AlbIngressController extends pulumi.ComponentResource {
         policy: {
           Version: "2012-10-17",
           Statement: [
+            {
+              Effect: "Allow",
+              Action: ["iam:CreateServiceLinkedRole"],
+              Resource: "*",
+              Condition: {
+                StringEquals: {
+                  "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com",
+                },
+              },
+            },
             {
               Effect: "Allow",
               Action: [
-                "iam:CreateServiceLinkedRole",
                 "ec2:DescribeAccountAttributes",
                 "ec2:DescribeAddresses",
                 "ec2:DescribeAvailabilityZones",
                 "ec2:DescribeInternetGateways",
                 "ec2:DescribeVpcs",
+                "ec2:DescribeVpcPeeringConnections",
                 "ec2:DescribeSubnets",
                 "ec2:DescribeSecurityGroups",
                 "ec2:DescribeInstances",

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@oxheadalpha/tezos-pulumi",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "author": "Aryeh Harris <aryeh.harris@oxheadalpha.com>",
   "license": "MIT",
   "description": "Deploy Tezos Infrastructure in the Cloud",