{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceLinkedRole"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "globalaccelerator.amazonaws.com"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "globalaccelerator:ListAccelerators",
        "globalaccelerator:ListEndpointGroups",
        "globalaccelerator:ListListeners",
        "globalaccelerator:ListTagsForResource",
        "ec2:DescribeRegions",
        "tag:GetResources"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "globalaccelerator:DescribeAccelerator",
        "globalaccelerator:DescribeEndpointGroup",
        "globalaccelerator:DescribeListener"
      ],
      "Resource": [
        "arn:aws:globalaccelerator::*:accelerator/*",
        "arn:aws:globalaccelerator::*:accelerator/*/listener/*",
        "arn:aws:globalaccelerator::*:accelerator/*/listener/*/endpoint-group/*"
      ],
      "Condition": {
        "Null": {
          "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
        },
        "StringEquals": {
          "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "globalaccelerator:CreateAccelerator"
      ],
      "Resource": "*",
      "Condition": {
        "Null": {
          "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
        },
        "StringEquals": {
          "aws:RequestTag/aga.k8s.aws/resource": "GlobalAccelerator"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "globalaccelerator:UpdateAccelerator",
        "globalaccelerator:DeleteAccelerator",
        "globalaccelerator:CreateListener",
        "globalaccelerator:UpdateListener",
        "globalaccelerator:DeleteListener",
        "globalaccelerator:CreateEndpointGroup",
        "globalaccelerator:UpdateEndpointGroup",
        "globalaccelerator:DeleteEndpointGroup",
        "globalaccelerator:AddEndpoints",
        "globalaccelerator:RemoveEndpoints"
      ],
      "Resource": [
        "arn:aws:globalaccelerator::*:accelerator/*",
        "arn:aws:globalaccelerator::*:accelerator/*/listener/*",
        "arn:aws:globalaccelerator::*:accelerator/*/listener/*/endpoint-group/*"
      ],
      "Condition": {
        "Null": {
          "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
        },
        "StringEquals": {
          "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "globalaccelerator:TagResource",
        "globalaccelerator:UntagResource"
      ],
      "Resource": "arn:aws:globalaccelerator::*:accelerator/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/elbv2.k8s.aws/cluster": "true",
          "aws:ResourceTag/elbv2.k8s.aws/cluster": "false"
        },
        "StringEquals": {
          "aws:ResourceTag/aga.k8s.aws/resource": "GlobalAccelerator"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "globalaccelerator:TagResource"
      ],
      "Resource": "arn:aws:globalaccelerator::*:accelerator/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/elbv2.k8s.aws/cluster": "false"
        },
        "StringEquals": {
          "aws:RequestTag/aga.k8s.aws/resource": "GlobalAccelerator"
        }
      }
    }
  ]
}