From 09ed9f489d254b816394222713c39238af3429ac Mon Sep 17 00:00:00 2001
From: Artem Donskikh <2426821+adonskikh@users.noreply.github.com>
Date: Mon, 20 Mar 2023 20:08:38 +0400
Subject: [PATCH] fix: Update `ExternalDNS` policy to support multiple Route 53
 zones (#1496)

Co-authored-by: Artem Donskikh <artem.donskikh@dataart.com>
---
 modules/kubernetes-addons/external-dns/data.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/kubernetes-addons/external-dns/data.tf b/modules/kubernetes-addons/external-dns/data.tf
index fa167d3f47..436e938847 100644
--- a/modules/kubernetes-addons/external-dns/data.tf
+++ b/modules/kubernetes-addons/external-dns/data.tf
@@ -5,15 +5,15 @@ data "aws_iam_policy_document" "external_dns_iam_policy_document" {
       [data.aws_route53_zone.selected.arn],
       var.route53_zone_arns
     ))
-    actions = [
-      "route53:ChangeResourceRecordSets",
-      "route53:ListResourceRecordSets",
-    ]
+    actions = ["route53:ChangeResourceRecordSets"]
   }
 
   statement {
     effect    = "Allow"
     resources = ["*"]
-    actions   = ["route53:ListHostedZones"]
+    actions = [
+      "route53:ListHostedZones",
+      "route53:ListResourceRecordSets",
+    ]
   }
 }