From 326e3f5248b7da13f3930ad44ae7dd6e6aa990a7 Mon Sep 17 00:00:00 2001
From: Christian Bianchi <christian@giantswarm.io>
Date: Mon, 8 Apr 2024 10:41:40 +0200
Subject: [PATCH] Add tag permissions for IAM (#92)

* Update iam-policy.json

* Update CHANGELOG.md
---
 CHANGELOG.md                      | 4 ++++
 aws-operator-role/iam-policy.json | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f56bea..b47dba6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add `iam:ListRoleTags` and `iam:UntagRole` permissions to the AWS operator role.
+
 ## [3.4.0] - 2024-01-16
 
 ### Changed
diff --git a/aws-operator-role/iam-policy.json b/aws-operator-role/iam-policy.json
index 6db9028..96b1686 100644
--- a/aws-operator-role/iam-policy.json
+++ b/aws-operator-role/iam-policy.json
@@ -49,6 +49,8 @@
                 "iam:PutRolePolicy",
                 "iam:RemoveRoleFromInstanceProfile",
                 "iam:TagRole",
+                "iam:ListRoleTags",
+                "iam:UntagRole",
                 "iam:UpdateAssumeRolePolicy",
                 "iam:UpdateRoleDescription",
                 "kms:*",