fix: Fix AllowGetCertificates statement scope for ALB controller role (#196)

wfrced · bryantbiggs · web-flow · commit f120cc19056b · 2023-06-30T09:10:15.000-04:00
Co-authored-by: Bryant Biggs &lt;bryantbiggs@gmail.com&gt;
diff --git a/main.tf b/main.tf
@@ -948,8 +948,7 @@ data "aws_iam_policy_document" "aws_load_balancer_controller" {
     sid    = "AllowGetCertificates"
     effect = "Allow"
     resources = [
-      "arn:${local.partition}:acm:${local.region}:${local.account_id}:*",
-      "arn:${local.partition}:acm:${local.region}:${local.account_id}:certificate/*"
+      "*",
     ]
 
     actions = [

Original file line number	Diff line number	Diff line change
`@@ -948,8 +948,7 @@ data "aws_iam_policy_document" "aws_load_balancer_controller" {`
`948`	`948`	`sid = "AllowGetCertificates"`
`949`	`949`	`effect = "Allow"`
`950`	`950`	`resources = [`
`951`		`- "arn:${local.partition}:acm:${local.region}:${local.account_id}:*",`
`952`		`- "arn:${local.partition}:acm:${local.region}:${local.account_id}:certificate/*"`
	`951`	`+ "*",`
`953`	`952`	`]`
`954`	`953`
`955`	`954`	`actions = [`