feat: Update efs_csi policy to support resource tagging (#352)

DavidS-ovm · web-flow · commit 47cb7a234786 · 2023-03-17T07:42:14.000-04:00
diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf
@@ -341,6 +341,17 @@ data "aws_iam_policy_document" "efs_csi" {
     }
   }
 
+  statement {
+    actions   = ["elasticfilesystem:TagResource"]
+    resources = ["*"]
+
+    condition {
+      test     = "StringLike"
+      variable = "aws:RequestTag/efs.csi.aws.com/cluster"
+      values   = ["true"]
+    }
+  }
+
   statement {
     actions   = ["elasticfilesystem:DeleteAccessPoint"]
     resources = ["*"]
