From c8bb152839c411247321194531eadbd7dcdeced4 Mon Sep 17 00:00:00 2001
From: Erez Zarum <erezzarum@users.noreply.github.com>
Date: Tue, 16 Sep 2025 20:14:18 +0300
Subject: [PATCH] fix: Sync Karpenter IAM permissions with upstream (#3517)

Sync Karpenter IAM permissions with upstream

Signed-off-by: Erez Zarum <erezz@amazon.com>
---
 modules/karpenter/policy.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index ef478a0..1b3df55 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -181,6 +181,7 @@ data "aws_iam_policy_document" "controller" {
     sid       = "AllowRegionalReadActions"
     resources = ["*"]
     actions = [
+      "ec2:DescribeCapacityReservations",
       "ec2:DescribeAvailabilityZones",
       "ec2:DescribeImages",
       "ec2:DescribeInstances",