From ed52b89e2b9b6df3706ea3689fbbbc26f96b800c Mon Sep 17 00:00:00 2001
From: Daniel Atanasovski <daniel.atanasovski@reece.com.au>
Date: Mon, 28 Oct 2024 12:07:27 +1100
Subject: [PATCH] fix: aws-load-balancer-controller service account missing IAM
 permissions

---
 lib/addons/aws-loadbalancer-controller/iam-policy.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/addons/aws-loadbalancer-controller/iam-policy.ts b/lib/addons/aws-loadbalancer-controller/iam-policy.ts
index 3e91b1fe6..6bf54e5d4 100644
--- a/lib/addons/aws-loadbalancer-controller/iam-policy.ts
+++ b/lib/addons/aws-loadbalancer-controller/iam-policy.ts
@@ -37,7 +37,9 @@ export const AwsLoadbalancerControllerIamPolicy = (partition: string) => {
                     "elasticloadbalancing:DescribeTargetGroups",
                     "elasticloadbalancing:DescribeTargetGroupAttributes",
                     "elasticloadbalancing:DescribeTargetHealth",
-                    "elasticloadbalancing:DescribeTags"
+                    "elasticloadbalancing:DescribeTags",
+                    "elasticloadbalancing:DescribeTrustStores",
+                    "elasticloadbalancing:DescribeListenerAttributes"
                 ],
                 "Resource": "*"
             },
@@ -186,7 +188,8 @@ export const AwsLoadbalancerControllerIamPolicy = (partition: string) => {
                     "elasticloadbalancing:DeleteLoadBalancer",
                     "elasticloadbalancing:ModifyTargetGroup",
                     "elasticloadbalancing:ModifyTargetGroupAttributes",
-                    "elasticloadbalancing:DeleteTargetGroup"
+                    "elasticloadbalancing:DeleteTargetGroup",
+                    "elasticloadbalancing:ModifyListenerAttributes"
                 ],
                 "Resource": "*",
                 "Condition": {