Bump aws-load-balancer-controller version and IAM policy content to…

… v2.5.1 (#389) * chore: Updated the content of the file "/tmp/updatecli/github/jenkins... ... -infra/aws/iam-roles-eks.tf" Made with ❤️️ by updatecli * chore: Updated the content of the file "/tmp/updatecli/github/jenkins... ... -infra/aws/iam-nlb-policy.json" Made with ❤️️ by updatecli * chore: Updated the content of the file "/tmp/updatecli/github/jenkins... ... -infra/aws/iam-roles-eks.tf" Made with ❤️️ by updatecli --------- Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com> Co-authored-by: Damien Duportal <damien.duportal@gmail.com>
jenkins-infra · Jul 4, 2023 · 6cbb322 · 6cbb322
1 parent 166d71a
commit 6cbb322
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 20 deletions.
diff --git a/iam-nlb-policy.json b/iam-nlb-policy.json
@@ -177,6 +177,25 @@
                 "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
             ]
         },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "elasticloadbalancing:ModifyLoadBalancerAttributes",
+                "elasticloadbalancing:SetIpAddressType",
+                "elasticloadbalancing:SetSecurityGroups",
+                "elasticloadbalancing:SetSubnets",
+                "elasticloadbalancing:DeleteLoadBalancer",
+                "elasticloadbalancing:ModifyTargetGroup",
+                "elasticloadbalancing:ModifyTargetGroupAttributes",
+                "elasticloadbalancing:DeleteTargetGroup"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "Null": {
+                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+                }
+            }
+        },
         {
             "Effect": "Allow",
             "Action": [
@@ -199,25 +218,6 @@
                 }
             }
         },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "elasticloadbalancing:ModifyLoadBalancerAttributes",
-                "elasticloadbalancing:SetIpAddressType",
-                "elasticloadbalancing:SetSecurityGroups",
-                "elasticloadbalancing:SetSubnets",
-                "elasticloadbalancing:DeleteLoadBalancer",
-                "elasticloadbalancing:ModifyTargetGroup",
-                "elasticloadbalancing:ModifyTargetGroupAttributes",
-                "elasticloadbalancing:DeleteTargetGroup"
-            ],
-            "Resource": "*",
-            "Condition": {
-                "Null": {
-                    "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
-                }
-            }
-        },
         {
             "Effect": "Allow",
             "Action": [

diff --git a/iam-roles-eks.tf b/iam-roles-eks.tf
@@ -8,7 +8,7 @@ resource "aws_iam_policy" "ebs_csi" {
 resource "aws_iam_policy" "cluster_nlb" {
   name        = "AWSLoadBalancerControllerIAMPolicy"
   description = "EKS cluster-nlb policy"
-  # JSON from https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
+  # JSON from https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.1/docs/install/iam_policy.json
   # Cf https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
   policy = file("iam-nlb-policy.json") #tfsec:ignore:aws-iam-no-policy-wildcards
 }