Merge pull request #6655 from Himangini/update-iam-policy

Updated IAM policy statement for loadbalancer controller

pkg/cfn/builder/statement.go

@@ -84,6 +84,28 @@ func loadBalancerControllerStatements() []cft.MapOfInterfaces {
 				"elasticloadbalancing:RemoveTags",
 			},
 		},
+		{
+			"Effect": effectAllow,
+			"Action": []string{
+				"elasticloadbalancing:AddTags",
+			},
+			"Resource": []*gfnt.Value{
+				addARNPartitionPrefix("elasticloadbalancing:*:*:targetgroup/*/*"),
+				addARNPartitionPrefix("elasticloadbalancing:*:*:loadbalancer/net/*/*"),
+				addARNPartitionPrefix("elasticloadbalancing:*:*:loadbalancer/app/*/*"),
+			},
+			"Condition": map[string]interface{}{
+				"StringEquals": map[string]interface{}{
+					"elasticloadbalancing:CreateAction": []string{
+						"CreateTargetGroup",
+						"CreateLoadBalancer",
+					},
+				},
+				"Null": map[string]string{
+					"aws:RequestTag/elbv2.k8s.aws/cluster": "false",
+				},
+			},
+		},
 		{
 			"Effect":   effectAllow,
 			"Resource": resourceAll,