From 2f53f615dc27de344cb08fd15c98da2e2b3951d0 Mon Sep 17 00:00:00 2001
From: Arvid Mildner
Date: Tue, 18 Oct 2022 03:18:30 +0200
Subject: [PATCH] Added additional policies required for targetgroup binding to work with AWS LBC (#292)

Co-authored-by: Arvid Mildner
---
 modules/iam-role-for-service-accounts-eks/policies.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf
index 42b88415..92c5fd8a 100644
--- a/modules/iam-role-for-service-accounts-eks/policies.tf
+++ b/modules/iam-role-for-service-accounts-eks/policies.tf
@@ -863,12 +863,14 @@ data "aws_iam_policy_document" "load_balancer_controller_targetgroup_only" {
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeInstances",
 "ec2:DescribeVpcs",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress",
 "elasticloadbalancing:DescribeTargetGroups",
 "elasticloadbalancing:DescribeTargetHealth",
 "elasticloadbalancing:ModifyTargetGroup",
 "elasticloadbalancing:ModifyTargetGroupAttributes",
 "elasticloadbalancing:RegisterTargets",
- "elasticloadbalancing:DeregisterTargets"
+ "elasticloadbalancing:DeregisterTargets",
 ]
 resources = ["*"]
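Review bot: The two added actions, `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress`, are the only EC2 write permissions in this list, and they share a statement whose `resources` is `["*"]`. As far as the hunk shows, the service-account role can therefore add or remove ingress rules on any security group in the account, not only the ones used by the bound target groups. Consider moving them into a separate `statement` whose `resources` is a caller-supplied list of security-group ARNs (or which carries a tag or VPC condition), leaving the `Describe*` and `elasticloadbalancing:*` actions on the wildcard. If the wildcard has to stay, record why above the two lines, for example `# Ingress rule changes are needed for TargetGroupBinding; not scoped to specific security groups`. The statement begins and ends outside the hunk, so any `condition` block already attached to it is not visible here.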