From 042915b695d216c315277a1e459731523a1d5911 Mon Sep 17 00:00:00 2001
From: Darrell Pappa <darrell.pappa@streamnative.io>
Date: Wed, 3 Sep 2025 13:35:00 -0400
Subject: [PATCH] feat: Updated aws_lb_controller_iam_policy.json.tpl to grant
 required permissions

---
 .../aws_lb_controller_iam_policy.json.tpl      | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/modules/aws/vendor-access/files/aws_lb_controller_iam_policy.json.tpl b/modules/aws/vendor-access/files/aws_lb_controller_iam_policy.json.tpl
index d63c42d..8f16c15 100644
--- a/modules/aws/vendor-access/files/aws_lb_controller_iam_policy.json.tpl
+++ b/modules/aws/vendor-access/files/aws_lb_controller_iam_policy.json.tpl
@@ -29,6 +29,9 @@
                 "ec2:DescribeTags",
                 "ec2:GetCoipPoolUsage",
                 "ec2:DescribeCoipPools",
+                "ec2:GetSecurityGroupsForVpc",
+                "ec2:DescribeIpamPools",
+                "ec2:DescribeRouteTables",
                 "elasticloadbalancing:DescribeLoadBalancers",
                 "elasticloadbalancing:DescribeLoadBalancerAttributes",
                 "elasticloadbalancing:DescribeListeners",
@@ -38,7 +41,10 @@
                 "elasticloadbalancing:DescribeTargetGroups",
                 "elasticloadbalancing:DescribeTargetGroupAttributes",
                 "elasticloadbalancing:DescribeTargetHealth",
-                "elasticloadbalancing:DescribeTags"
+                "elasticloadbalancing:DescribeTags",
+                "elasticloadbalancing:DescribeTrustStores",
+                "elasticloadbalancing:DescribeListenerAttributes",
+                "elasticloadbalancing:DescribeCapacityReservation"
             ],
             "Resource": "*"
         },
@@ -195,7 +201,10 @@
                 "elasticloadbalancing:DeleteLoadBalancer",
                 "elasticloadbalancing:ModifyTargetGroup",
                 "elasticloadbalancing:ModifyTargetGroupAttributes",
-                "elasticloadbalancing:DeleteTargetGroup"
+                "elasticloadbalancing:DeleteTargetGroup",
+                "elasticloadbalancing:ModifyListenerAttributes",
+                "elasticloadbalancing:ModifyCapacityReservation",
+                "elasticloadbalancing:ModifyIpPools"
             ],
             "Resource": "*",
             "Condition": {
@@ -241,9 +250,10 @@
                 "elasticloadbalancing:ModifyListener",
                 "elasticloadbalancing:AddListenerCertificates",
                 "elasticloadbalancing:RemoveListenerCertificates",
-                "elasticloadbalancing:ModifyRule"
+                "elasticloadbalancing:ModifyRule",
+                "elasticloadbalancing:SetRulePriorities"
             ],
             "Resource": "*"
         }
     ]
-}
+}
\ No newline at end of file