From bc6a60194485aadfad9a2b6d4381a407fc94220b Mon Sep 17 00:00:00 2001
From: Himangini
Date: Tue, 30 May 2023 15:43:20 +0100
Subject: [PATCH] Updated IAM policy statement for loadbalancer controller
---
 pkg/cfn/builder/statement.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/pkg/cfn/builder/statement.go b/pkg/cfn/builder/statement.go
index ad81a88f22..5f4263bd05 100644
--- a/pkg/cfn/builder/statement.go
+++ b/pkg/cfn/builder/statement.go
@@ -84,6 +84,28 @@ func loadBalancerControllerStatements() []cft.MapOfInterfaces {
 "elasticloadbalancing:RemoveTags",
 },
 },
+ {
+ "Effect": effectAllow,
+ "Action": []string{
+ "elasticloadbalancing:AddTags",
+ },
+ "Resource": []*gfnt.Value{
+ addARNPartitionPrefix("elasticloadbalancing:*:*:targetgroup/*/*"),
+ addARNPartitionPrefix("elasticloadbalancing:*:*:loadbalancer/net/*/*"),
+ addARNPartitionPrefix("elasticloadbalancing:*:*:loadbalancer/app/*/*"),
+ },
+ "Condition": map[string]interface{}{
+ "StringEquals": map[string]interface{}{
+ "elasticloadbalancing:CreateAction": []string{
+ "CreateTargetGroup",
+ "CreateLoadBalancer",
+ },
+ },
+ "Null": map[string]string{
+ "aws:RequestTag/elbv2.k8s.aws/cluster": "false",
+ },
+ },
+ },
 {
 "Effect": effectAllow,
 "Resource": resourceAll,
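Review bot: The `Null` condition in the added statement only requires that the request carries an `elbv2.k8s.aws/cluster` tag key, so the tag's value is not tied to the cluster this policy is generated for; together with the `elasticloadbalancing:CreateAction` condition it limits `AddTags` to tag-on-create, and that intent is not recorded anywhere in the new lines. I would add a comment above the statement such as `// Tag-on-create only: AddTags is permitted solely during CreateTargetGroup/CreateLoadBalancer and only when the request sets the elbv2.k8s.aws/cluster tag key (value not checked).` so that a later edit does not drop either condition and turn this into tagging rights over existing load balancers and target groups. If the cluster name is available to the builder at this point (not visible in the hunk), a `StringEquals` on `aws:RequestTag/elbv2.k8s.aws/cluster` would be tighter, though it may diverge from the upstream controller policy this statement presumably mirrors. loadBalancerControllerStatements begins and ends outside the hunk, and the diffstat lists only this file, so any test that pins the generated statements would need the same addition.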