From ec4317af1450ba7771a7d5b356768d31ff1806db Mon Sep 17 00:00:00 2001
From: Juan Matias Kungfoo de la Camara Beovide
 <juan.delacamara@binbash.com.ar>
Date: Thu, 30 May 2024 10:05:23 -0300
Subject: [PATCH] FIX added tagresource permission to iam policy

---
 iam.tf | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/iam.tf b/iam.tf
index 9b8a055..3e5ac74 100644
--- a/iam.tf
+++ b/iam.tf
@@ -37,6 +37,19 @@ data "aws_iam_policy_document" "efs_csi_driver" {
       values   = ["true"]
     }
   }
+
+  statement {
+    actions = [
+      "elasticfilesystem:TagResource"
+    ]
+    resources = ["*"]
+    effect    = "Allow"
+    condition {
+      test     = "StringEquals"
+      variable = "aws:ResourceTag/efs.csi.aws.com/cluster"
+      values   = ["true"]
+    }
+  }
 }
 
 resource "aws_iam_policy" "efs_csi_driver" {