diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7900442e..2c7d5334 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.99.0
+ rev: v1.99.1
 hooks:
 - id: terraform_fmt
 - id: terraform_wrapper_module_for_each
diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf
index 3ca5fe9c..bfa4fd3f 100644
--- a/modules/iam-role-for-service-accounts-eks/policies.tf
+++ b/modules/iam-role-for-service-accounts-eks/policies.tf
@@ -17,7 +17,6 @@ data "aws_iam_policy_document" "aws_gateway_controller" {
 }
 }
-
 resource "aws_iam_policy" "aws_gateway_controller" {
 count = var.create_role && var.attach_aws_gateway_controller_policy ? 1 : 0
@@ -859,6 +858,7 @@ data "aws_iam_policy_document" "load_balancer_controller" {
 "ec2:DescribeCoipPools",
 "ec2:GetSecurityGroupsForVpc",
 "ec2:DescribeIpamPools",
+ "ec2:DescribeRouteTables",
 "elasticloadbalancing:DescribeLoadBalancers",
 "elasticloadbalancing:DescribeLoadBalancerAttributes",
 "elasticloadbalancing:DescribeListeners",
@@ -903,6 +903,12 @@ data "aws_iam_policy_document" "load_balancer_controller" {
 actions = [
 "ec2:AuthorizeSecurityGroupIngress",
 "ec2:RevokeSecurityGroupIngress",
+ ]
+ resources = ["*"]
+ }
+
+ statement {
+ actions = [
 "ec2:CreateSecurityGroup",
 ]
 resources = ["*"]
@@ -962,7 +968,6 @@ data "aws_iam_policy_document" "load_balancer_controller" {
 statement {
 actions = [
- "elasticloadbalancing:AddTags",
 "elasticloadbalancing:CreateLoadBalancer",
 "elasticloadbalancing:CreateTargetGroup",
 ]
@@ -977,7 +982,6 @@ data "aws_iam_policy_document" "load_balancer_controller" {
 statement {
 actions = [
- "elasticloadbalancing:AddTags",
 "elasticloadbalancing:CreateListener",
 "elasticloadbalancing:DeleteListener",
 "elasticloadbalancing:CreateRule",
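Review bot: In the hunk at -903, the statement that keeps `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` is closed with `resources = ["*"]` and no `condition` block, so the role can rewrite ingress rules on every security group in the account. Moving `ec2:CreateSecurityGroup` into its own statement with the same wildcard resource does not change the effective permissions. If the unconditioned grant is intentional (presumably so the controller can edit node or backend security groups it did not create), record that above the statement, for example `# No tag condition: the controller edits ingress on pre-existing node security groups`. Otherwise, add a resource-tag condition that limits it to groups owned by the cluster. The enclosing `data` block starts and ends outside the hunk.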
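Review bot: With `elasticloadbalancing:AddTags` removed from both statements (hunks at -962 and -977), nothing visible in this diff still grants tagging, and ELBv2 create calls that carry tags are authorised against `AddTags` as well. Confirm that a statement outside these hunks grants `elasticloadbalancing:AddTags` on the affected resource ARNs, ideally restricted with the `elasticloadbalancing:CreateAction` condition key, so the removal narrows the policy without causing AccessDenied on tagged creates. A one-line comment in each statement such as `# AddTags is granted separately, scoped to create-time tagging` would record the intent. Both statements continue past the end of their hunks.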