From c46494fdda333ddef7788d62e853d39718102b17 Mon Sep 17 00:00:00 2001
From: "Jenkins Infra Bot (updatecli)" <60776566+jenkins-infra-bot@users.noreply.github.com>
Date: Mon, 17 Apr 2023 07:50:44 +0000
Subject: [PATCH 1/3] chore: Updated the content of the file "/tmp/updatecli/github/jenkins...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
... -infra/aws/iam-roles-eks.tf" Made with ❤️️ by updatecli
---
 iam-roles-eks.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iam-roles-eks.tf b/iam-roles-eks.tf
index 39e8d59..782bad1 100644
--- a/iam-roles-eks.tf
+++ b/iam-roles-eks.tf
@@ -8,7 +8,7 @@ resource "aws_iam_policy" "ebs_csi" {
 resource "aws_iam_policy" "cluster_nlb" {
 name = "AWSLoadBalancerControllerIAMPolicy"
 description = "EKS cluster-nlb policy"
- # JSON from https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
+ # JSON from https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.0/docs/install/iam_policy.json
 # Cf https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
 policy = file("iam-nlb-policy.json") #tfsec:ignore:aws-iam-no-policy-wildcards
 }
From fb58b7e1c772ee66995f9598102ac5e266d5d76b Mon Sep 17 00:00:00 2001
From: "Jenkins Infra Bot (updatecli)" <60776566+jenkins-infra-bot@users.noreply.github.com>
Date: Mon, 17 Apr 2023 07:50:45 +0000
Subject: [PATCH 2/3] chore: Updated the content of the file "/tmp/updatecli/github/jenkins...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
... -infra/aws/iam-nlb-policy.json" Made with ❤️️ by updatecli
---
 iam-nlb-policy.json | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/iam-nlb-policy.json b/iam-nlb-policy.json
index 25293bf..7944f2a 100644
--- a/iam-nlb-policy.json
+++ b/iam-nlb-policy.json
@@ -177,6 +177,25 @@
 "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*"
 ]
 },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:DeleteTargetGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
+ }
+ }
+ },
 {
 "Effect": "Allow",
 "Action": [
@@ -199,25 +218,6 @@
 }
 }
 },
- {
- "Effect": "Allow",
- "Action": [
- "elasticloadbalancing:ModifyLoadBalancerAttributes",
- "elasticloadbalancing:SetIpAddressType",
- "elasticloadbalancing:SetSecurityGroups",
- "elasticloadbalancing:SetSubnets",
- "elasticloadbalancing:DeleteLoadBalancer",
- "elasticloadbalancing:ModifyTargetGroup",
- "elasticloadbalancing:ModifyTargetGroupAttributes",
- "elasticloadbalancing:DeleteTargetGroup"
- ],
- "Resource": "*",
- "Condition": {
- "Null": {
- "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
- }
- }
- },
 {
 "Effect": "Allow",
 "Action": [
From a0d204bd8b37904f13d99d95b0c5bbc3dc54f04a Mon Sep 17 00:00:00 2001
From: "Jenkins Infra Bot (updatecli)" <60776566+jenkins-infra-bot@users.noreply.github.com>
Date: Fri, 21 Apr 2023 11:55:27 +0000
Subject: [PATCH 3/3] chore: Updated the content of the file "/tmp/updatecli/github/jenkins...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
... -infra/aws/iam-roles-eks.tf" Made with ❤️️ by updatecli
---
 iam-roles-eks.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iam-roles-eks.tf b/iam-roles-eks.tf
index 782bad1..cb630be 100644
--- a/iam-roles-eks.tf
+++ b/iam-roles-eks.tf
@@ -8,7 +8,7 @@ resource "aws_iam_policy" "ebs_csi" {
 resource "aws_iam_policy" "cluster_nlb" {
 name = "AWSLoadBalancerControllerIAMPolicy"
 description = "EKS cluster-nlb policy"
- # JSON from https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.0/docs/install/iam_policy.json
+ # JSON from https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.1/docs/install/iam_policy.json
 # Cf https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
 policy = file("iam-nlb-policy.json") #tfsec:ignore:aws-iam-no-policy-wildcards
 }