From 8b2af8e1206a76be06d7ae5a13d91300f9ac418d Mon Sep 17 00:00:00 2001
From: lostsnow <lostsnow@gmail.com>
Date: Fri, 6 Dec 2024 12:22:56 +0800
Subject: [PATCH] Update to the EBS CSI Driver IAM Policy for AWS 2025 changes

https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/2190
---
 iam.tf | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/iam.tf b/iam.tf
index d56d79f..62bc313 100644
--- a/iam.tf
+++ b/iam.tf
@@ -59,6 +59,16 @@ data "aws_iam_policy_document" "this" {
     actions = ["ec2:DeleteTags"]
   }
 
+  statement {
+    effect = "Allow"
+
+    resources = [
+      "arn:aws:ec2:*:*:snapshot/*",
+    ]
+
+    actions = ["ec2:CreateVolume"]
+  }
+
   statement {
     effect    = "Allow"
     resources = ["*"]