terraform: update AWS LB permissions (#3681)

* bazel: add download rules for AWS LB policy * docs: add migration notice * terraform: re-download lb policy
2025-08-01 11:36:10 -04:00 · 2025-03-06 16:44:49 +01:00 · 2025-03-06 16:44:49 +01:00 · a491cac57a
commit a491cac57a
parent a1e24742a9
7 changed files with 79 additions and 4 deletions
--- a/docs/docs/reference/migration.md
+++ b/docs/docs/reference/migration.md
@ -36,7 +36,13 @@ done
 echo "All specified rules have been deleted."
 ```

-## Migrations to v2.19.0
+## Migrating from CLI versions before 2.21.1
+
+### AWS
+
+* AWS clusters that use `LoadBalancer` resources require more IAM permissions. Please upgrade your IAM roles using `constellation iam upgrade apply`. This will show necessary changes and apply them, if desired.
+
+## Migrating from CLI versions before 2.19.0

 ### Azure

@ -46,7 +52,7 @@ echo "All specified rules have been deleted."
 If your Constellation has services of type `LoadBalancer`, please remove them before the upgrade and re-apply them
 afterward.

-## Migrating from Azure's service principal authentication to managed identity authentication (during the upgrade to Constellation v2.8.0)
+## Migrating from CLI versions before 2.18.0

 * The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed.
 * To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`.