
Commit 992e045

feat: add wafv2:ListWebACLs permission for ALB controller
The AWS Load Balancer Controller requires the wafv2:ListWebACLs permission to resolve WAF ACL names to ARNs when using the wafv2-acl-name annotation. Without this permission, the controller cannot find the WAF ACL by name, resulting in ingress creation failures. This change adds the missing permission to the IAM policy for the aws-load-balancer-controller service account.
1 parent 6b2ba41 commit 992e045

1 file changed

+1
-0
lines changed

aws_lb_controller.tf

Lines changed: 1 addition & 0 deletions
@@ -71,6 +71,7 @@ data "aws_iam_policy_document" "lb_controller" {
7171
"wafv2:GetWebACLForResource",
7272
"wafv2:AssociateWebACL",
7373
"wafv2:DisassociateWebACL",
74+
"wafv2:ListWebACLs",
7475
"shield:GetSubscriptionState",
7576
"shield:DescribeProtection",
7677
"shield:CreateProtection",
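
Review bot: the resources of the statement that receives "wafv2:ListWebACLs" (new line 74) are not visible in this hunk, and a list action like this one is not scoped to an individual web ACL, so please confirm the enclosing statement uses resources = ["*"]; if it is narrowed to specific ARNs the new permission will not take effect and the name lookup will still fail. The statement also mixes wafv2 and shield actions with no indication of which controller feature needs each one. The reason for this addition (resolving a WAF ACL name to an ARN for the wafv2-acl-name annotation) lives only in the commit message, so a one-line HCL comment above the new entry would keep that rationale next to the grant for the next policy audit.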
