
How to extend default ALB controller policy using AWS CDK?


I'm currently working on installing the Goldilocks Helm chart to an EKS cluster. I have enabled an ingress for the tool's dashboard by manipulating a single Helm chart value. The problem is that the ingress fails to deploy because the default IAM policy for the ALB controller is missing a single IAM policy statement. Therefore, I have created the required statement and linked it to the new policy.

When attempting to pass this custom IAM policy to the albController, I encountered the following error: TypeError: policy.Statement is not iterable. I'm facing difficulty in determining the expected property type for albController policy since it has no type defined (any type).

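import * as eks from "aws-cdk-lib/aws-eks";
import * as iam from "aws-cdk-lib/aws-iam";

// The statement missing from the default ALB controller policy.
const elbAllowAddTags = new iam.PolicyStatement({
  resources: ["*"],
  effect: iam.Effect.ALLOW,
  actions: ["elasticloadbalancing:AddTags"],
  conditions: { "StringEquals": { "elasticloadbalancing:CreateAction": "CreateTargetGroup" } },
});

const elbPolicy = new iam.Policy(scope, "elbPolicy", {
  policyName: "elbPolicy",
  statements: [elbAllowAddTags],
});

const eksCluster = new eks.Cluster(scope, id, {
  albController: {
    // ...
    // Passing the iam.Policy construct here raises
    // "TypeError: policy.Statement is not iterable".
    policy: elbPolicy,
  },
});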

Solution

  • I could not extend the default ALB controller policy, but I solved the problem by upgrading the ALBC version (see https://github.com/aws/aws-cdk/issues/26442).
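
The error in the question suggests the construct iterates over `policy.Statement`, so this added sketch (not code from the post or from the CDK project) assumes `policy` takes a plain IAM policy JSON document and shows the question's statement merged into one. `extendPolicyDocument`, `basePolicy` and the type names are hypothetical, and the base document is a constructed stand-in for the policy published for your controller version.

```typescript
type Stmt = {
  Effect: "Allow" | "Deny";
  Action: string[];
  Resource: string | string[];
  Condition?: Record<string, Record<string, string>>;
};
type PolicyDoc = { Version: string; Statement: Stmt[] };

// JSON form of the statement from the question (same action, resource, condition).
const elbAllowAddTags: Stmt = {
  Effect: "Allow",
  Action: ["elasticloadbalancing:AddTags"],
  Resource: "*",
  Condition: { StringEquals: { "elasticloadbalancing:CreateAction": "CreateTargetGroup" } },
};

// Constructed stand-in for the controller's policy document (assumption: in
// practice, load the JSON published for the controller version you deploy).
const basePolicy: PolicyDoc = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["elasticloadbalancing:DescribeTargetGroups"], Resource: "*" }],
};

// Hypothetical helper: returns a new document with `extra` appended, and fails
// early on the input shape behind "policy.Statement is not iterable".
function extendPolicyDocument(base: unknown, extra: Stmt[]): PolicyDoc {
  const stmts = (base as { Statement?: unknown } | null)?.Statement;
  if (!Array.isArray(stmts)) {
    throw new TypeError("expected an IAM policy JSON document with a Statement array");
  }
  for (const s of extra) {
    // Added guard: an extra Allow on "*" must keep a Condition, as the question's does.
    const resources = ([] as string[]).concat(s.Resource);
    if (s.Effect === "Allow" && resources.includes("*") && !s.Condition) {
      throw new Error('refusing unconditioned Allow on Resource "*"');
    }
  }
  const seen = new Set((stmts as Stmt[]).map((s) => JSON.stringify(s)));
  const added = extra.filter((s) => !seen.has(JSON.stringify(s)));
  const version = (base as Partial<PolicyDoc>).Version ?? "2012-10-17";
  return { Version: version, Statement: [...(stmts as Stmt[]), ...added] };
}

// Under the assumption above, this is the value for `albController: { policy: albPolicy }`.
const albPolicy = extendPolicyDocument(basePolicy, [elbAllowAddTags]);
```

After deploying, check the synthesized template to confirm the `AddTags` statement kept its `elasticloadbalancing:CreateAction` condition on the controller's service account role.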