Add permission needed for service-linked role creation

Attempting to fix: - kubernetes#16218 by adding the permission needed for the AWS CCM to create a service-linked role for the elastic lb service. Signed-off-by: Arnaud Meukam <[email protected]>
ameukam · Jan 4, 2024 · ce340c6 · ce340c6
1 parent 0300a3b
commit ce340c6
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
@@ -831,6 +831,7 @@ func AddCCMPermissions(p *Policy, cloudRoutes bool) {
 		"elasticloadbalancing:DescribeLoadBalancerPolicies",
 		"elasticloadbalancing:DescribeTargetGroups",
 		"elasticloadbalancing:DescribeTargetHealth",
+		"iam:CreateServiceLinkedRole",
 		"kms:DescribeKey",
 	)
 
@@ -884,7 +885,7 @@ func AddCCMPermissions(p *Policy, cloudRoutes bool) {
 	}
 }
 
-// AddAWSLoadbalancerControllerPermissions adds the permissions needed for the AWS Load Balancer Controller to the givnen policy
+// AddAWSLoadbalancerControllerPermissions adds the permissions needed for the AWS Load Balancer Controller to the given policy
 func AddAWSLoadbalancerControllerPermissions(p *Policy, enableWAF, enableWAFv2, enableShield bool) {
 	p.unconditionalAction.Insert(
 		"cognito-idp:DescribeUserPoolClient",