feat: Update AWS EBS CSI Driver IAM Policy (#22)

Author: calvinbui

aws_ebs_csi.tf

@@ -57,7 +57,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 
   statement {
     actions   = ["ec2:CreateVolume"]
-    resources = ["*"]
+    resources = ["arn:aws:ec2:*:*:volume/*"]
 
     condition {
       test     = "StringLike"
@@ -68,7 +68,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 
   statement {
     actions   = ["ec2:CreateVolume"]
-    resources = ["*"]
+    resources = ["arn:aws:ec2:*:*:volume/*"]
 
     condition {
       test     = "StringLike"
@@ -77,6 +77,11 @@ data "aws_iam_policy_document" "ebs_csi" {
     }
   }
 
+  statement {
+    actions   = ["ec2:CreateVolume"]
+    resources = ["arn:aws:ec2:*:*:snapshot/*"]
+  }
+
   statement {
     actions   = ["ec2:DeleteVolume"]
     resources = ["*"]