terraform: update AWS LB permissions (#3681)

* bazel: add download rules for AWS LB policy * docs: add migration notice * terraform: re-download lb policy
2025-07-24 15:55:17 -04:00 · 2025-03-06 16:44:49 +01:00 · 2025-03-06 16:44:49 +01:00 · a491cac57a
commit a491cac57a
parent a1e24742a9
7 changed files with 79 additions and 4 deletions
--- a/terraform/infrastructure/iam/aws/alb_policy.json
+++ b/terraform/infrastructure/iam/aws/alb_policy.json
@ -29,6 +29,7 @@
                "ec2:DescribeTags",
                "ec2:GetCoipPoolUsage",
                "ec2:DescribeCoipPools",
+                "ec2:GetSecurityGroupsForVpc",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeListeners",
@ -39,7 +40,9 @@
                "elasticloadbalancing:DescribeTargetGroupAttributes",
                "elasticloadbalancing:DescribeTargetHealth",
                "elasticloadbalancing:DescribeTags",
-                "elasticloadbalancing:DescribeTrustStores"
+                "elasticloadbalancing:DescribeTrustStores",
+                "elasticloadbalancing:DescribeListenerAttributes",
+                "elasticloadbalancing:DescribeCapacityReservation"
            ],
            "Resource": "*"
        },
@ -188,7 +191,9 @@
                "elasticloadbalancing:DeleteLoadBalancer",
                "elasticloadbalancing:ModifyTargetGroup",
                "elasticloadbalancing:ModifyTargetGroupAttributes",
-                "elasticloadbalancing:DeleteTargetGroup"
+                "elasticloadbalancing:DeleteTargetGroup",
+                "elasticloadbalancing:ModifyListenerAttributes",
+                "elasticloadbalancing:ModifyCapacityReservation"
            ],
            "Resource": "*",
            "Condition": {