fix: Update ExternalDNS policy to support multiple Route 53 zones (#…

…1496) Co-authored-by: Artem Donskikh <artem.donskikh@dataart.com>
aws-ia · Mar 20, 2023 · 09ed9f4 · 09ed9f4
1 parent dbd9ca3
commit 09ed9f4
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/modules/kubernetes-addons/external-dns/data.tf b/modules/kubernetes-addons/external-dns/data.tf
@@ -5,15 +5,15 @@ data "aws_iam_policy_document" "external_dns_iam_policy_document" {
       [data.aws_route53_zone.selected.arn],
       var.route53_zone_arns
     ))
-    actions = [
-      "route53:ChangeResourceRecordSets",
-      "route53:ListResourceRecordSets",
-    ]
+    actions = ["route53:ChangeResourceRecordSets"]
   }
 
   statement {
     effect    = "Allow"
     resources = ["*"]
-    actions   = ["route53:ListHostedZones"]
+    actions = [
+      "route53:ListHostedZones",
+      "route53:ListResourceRecordSets",
+    ]
   }
 }