From b75cd1af7937c8ac35effa622a06f37c5bd3dd46 Mon Sep 17 00:00:00 2001
From: islishude <islishude@gmail.com>
Date: Fri, 13 Dec 2024 10:56:56 +0800
Subject: [PATCH] feat: add policies for AWS LBC v2.11.0

See https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/tag/v2.11.0

> We've updated the reference IAM policies to explicitly add the elasticloadbalancing:DescribeCapacityReservation and elasticloadbalancing:ModifyCapacityReservation permissions for describing and modifying capacity reservation. Please be sure to apply the latest IAM policy when upgrading.
---
 modules/iam-role-for-service-accounts-eks/policies.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf
index 96f20b81..98e137d7 100644
--- a/modules/iam-role-for-service-accounts-eks/policies.tf
+++ b/modules/iam-role-for-service-accounts-eks/policies.tf
@@ -853,6 +853,7 @@ data "aws_iam_policy_document" "load_balancer_controller" {
       "elasticloadbalancing:DescribeTags",
       "elasticloadbalancing:DescribeTrustStores",
       "elasticloadbalancing:DescribeListenerAttributes",
+      "elasticloadbalancing:DescribeCapacityReservation",
     ]
     resources = ["*"]
   }
@@ -1015,6 +1016,7 @@ data "aws_iam_policy_document" "load_balancer_controller" {
       "elasticloadbalancing:ModifyTargetGroupAttributes",
       "elasticloadbalancing:DeleteTargetGroup",
       "elasticloadbalancing:ModifyListenerAttributes",
+      "elasticloadbalancing:ModifyCapacityReservation",
     ]
     resources = ["*"]