From 69284995e4cb745db627b03f67c1547a67bfa092 Mon Sep 17 00:00:00 2001
From: Max Xu <xuhuan@live.cn>
Date: Fri, 14 Nov 2025 00:30:32 +0800
Subject: [PATCH] feat(iam): add iam:ListInstanceProfiles permission for
 karpenter 1.7.0+

Signed-off-by: Max Xu <xuhuan@live.cn>
---
 modules/iam/karpenter.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/iam/karpenter.tf b/modules/iam/karpenter.tf
index 2505523..a12acc2 100644
--- a/modules/iam/karpenter.tf
+++ b/modules/iam/karpenter.tf
@@ -380,7 +380,7 @@ data "aws_iam_policy_document" "karpenter" {
   statement {
     sid       = "AllowInstanceProfileReadActions"
     resources = ["arn:${local.aws_partition}:iam::${local.account_id}:instance-profile/*"]
-    actions   = ["iam:GetInstanceProfile"]
+    actions   = ["iam:GetInstanceProfile", "iam:ListInstanceProfiles"]
   }
 
   statement {