From d19df3e5aeddae711c6c7a8d7e8e4a152fefe9ed Mon Sep 17 00:00:00 2001
From: "Shih-Ting, Yuan" <shihtiy.tw@gmail.com>
Date: Tue, 10 Dec 2024 09:57:41 +0000
Subject: [PATCH] chore(integration): modify IAM policy for
 aws-load-balancer-controller

Add support for capacity unit reservation for load balancers
https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/3950
---
 .../aws-load-balancer-controller/policy.json             | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/labs/integrations/aws-load-balancer-controller/policy.json b/labs/integrations/aws-load-balancer-controller/policy.json
index 40bd903..6360873 100644
--- a/labs/integrations/aws-load-balancer-controller/policy.json
+++ b/labs/integrations/aws-load-balancer-controller/policy.json
@@ -29,6 +29,7 @@
         "ec2:DescribeTags",
         "ec2:GetCoipPoolUsage",
         "ec2:DescribeCoipPools",
+        "ec2:GetSecurityGroupsForVpc",
         "elasticloadbalancing:DescribeLoadBalancers",
         "elasticloadbalancing:DescribeLoadBalancerAttributes",
         "elasticloadbalancing:DescribeListeners",
@@ -39,7 +40,9 @@
         "elasticloadbalancing:DescribeTargetGroupAttributes",
         "elasticloadbalancing:DescribeTargetHealth",
         "elasticloadbalancing:DescribeTags",
-        "elasticloadbalancing:DescribeTrustStores"
+        "elasticloadbalancing:DescribeTrustStores",
+        "elasticloadbalancing:DescribeListenerAttributes",
+        "elasticloadbalancing:DescribeCapacityReservation"
       ],
       "Resource": "*"
     },
@@ -188,7 +191,9 @@
         "elasticloadbalancing:DeleteLoadBalancer",
         "elasticloadbalancing:ModifyTargetGroup",
         "elasticloadbalancing:ModifyTargetGroupAttributes",
-        "elasticloadbalancing:DeleteTargetGroup"
+        "elasticloadbalancing:DeleteTargetGroup",
+        "elasticloadbalancing:ModifyListenerAttributes",
+        "elasticloadbalancing:ModifyCapacityReservation"
       ],
       "Resource": "*",
       "Condition": {