Merge pull request #1553 from alphagov/samsimpson1/ebs-iam-update

Allow EBS CSI driver role to perform ec2:CreateVolume on snapshots
alphagov · Dec 18, 2024 · 8334b71 · 8334b71
2 parents 1e7a246 + c40328a
commit 8334b71
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/terraform/deployments/cluster-infrastructure/aws_ebs_csi_iam.tf b/terraform/deployments/cluster-infrastructure/aws_ebs_csi_iam.tf
@@ -83,6 +83,18 @@ data "aws_iam_policy_document" "aws_ebs_csi_driver" {
     }
   }
 
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "ec2:CreateVolume"
+    ]
+
+    resources = [
+      "arn:*:ec2:*:*:snapshot/*"
+    ]
+  }
+
   statement {
     effect = "Allow"