From 3128ca6a2aedeb67ea4466046779af4161442a3a Mon Sep 17 00:00:00 2001
From: Zois Pagoulatos
Date: Wed, 15 Oct 2025 14:51:19 +0200
Subject: [PATCH] feat(ebs-csi): Add support for volume clones

Following the [v.1.51.0](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/tag/v1.51.0) release of the aws-esb-csi-driver, [support for creating instant, point-in-time copies of EBS volumes within the same Availability Zone](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2716) has been added. This updates the policy for the EBS CSI to accomodate this change
---
 aws_ebs_csi.tf | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/aws_ebs_csi.tf b/aws_ebs_csi.tf
index a6369f2..8c8497b 100644
--- a/aws_ebs_csi.tf
+++ b/aws_ebs_csi.tf
@@ -28,6 +28,11 @@ data "aws_iam_policy_document" "ebs_csi" {
 resources = ["*"]
 }
 
+ statement {
+ actions = ["ec2:CopyVolumes"]
+ resources = ["arn:${local.partition}:ec2:*:*:volume/vol-*"]
+ }
+
 statement {
 actions = ["ec2:CreateTags"]
 
@@ -42,6 +47,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 values = [
 "CreateVolume",
 "CreateSnapshot",
+ "CopyVolumes",
 ]
 }
 }
@@ -56,7 +62,10 @@ data "aws_iam_policy_document" "ebs_csi" {
 }
 
 statement {
- actions = ["ec2:CreateVolume"]
+ actions = [
+ "ec2:CreateVolume",
+ "ec2:CopyVolumes",
+ ]
 resources = ["arn:${local.partition}:ec2:*:*:volume/*"]
 
 condition {
@@ -67,7 +76,10 @@ data "aws_iam_policy_document" "ebs_csi" {
 }
 
 statement {
- actions = ["ec2:CreateVolume"]
+ actions = [
+ "ec2:CreateVolume",
+ "ec2:CopyVolumes",
+ ]
 resources = ["arn:${local.partition}:ec2:*:*:volume/*"]
 
 condition {
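Review bot: The new `ec2:CopyVolumes` statement in the first hunk has no `condition` block, so the role may use any volume matching `volume/vol-*` in any region or account position of the ARN as a clone source, not only volumes the driver manages. Because IAM allow statements are OR'ed, if the destination volume of a copy also matches `volume/vol-*` (not verifiable from this diff), this statement would also satisfy requests that the tag conditions in the third and fourth hunks are meant to gate; the bodies of those `condition` blocks lie outside the hunks, so their keys cannot be checked here. Consider scoping the source side with a `condition` on `aws:ResourceTag/<cluster-tag-key>` using the tag key the file's existing conditions rely on, after confirming that statically provisioned volumes do not need to be cloned. If the statement must stay unconditioned, record that with a comment above it such as `# Source volume of a clone; no tag condition, so any volume in the account qualifies`.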