Description
Describe the bug
The controller is failing to create a target group based on the provided policy.
User: arn:aws:sts::123:assumed-role/AWSALBIngressController_3f2bb898eae5ea79ebdb9cb3514f5ec6/1655374570081000102 is not authorized to perform: elasticloadbalancing:AddTags on resource: arn:aws:elasticloadbalancing:us-west-2:123:targetgroup/foo/*

This error occurs after trying to create the target group and before reconciliation.
Based on my understanding of the policy, AddTags requires a null cluster tag in the request but also requires a non-null resource tag. I'm not sure how that can be possible during target group creation, especially since the request has the cluster tag and presumably the target group has no tags on creation.
Steps to reproduce
Expected outcome
The target group should be created with expected tags
Environment
- AWS Load Balancer controller version 2.2.3
- Kubernetes version v1.17.12-eks-7684af
- Using EKS (yes/no), if so version? yes, v1.17.12-eks-7684af
Additional Context:
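The condition logic the report describes, as an added example that is not part of the original issue or the controller's shipped policy: a simplified model of IAM's `Null` condition operator applied to an AddTags statement. The tag key `example.com/cluster`, the statement layout and both scenarios are assumptions constructed for illustration.

```python
# Simplified model of IAM's "Null" condition operator (added illustration,
# not AWS's evaluator and not the controller's shipped policy).
CLUSTER_TAG = "example.com/cluster"  # hypothetical tag key, constructed

# AddTags statement as the issue describes it: the cluster tag must be
# absent from the request and already present on the resource.
ADD_TAGS_STATEMENT = {
    "Action": "elasticloadbalancing:AddTags",
    "Condition": {"Null": {
        f"aws:RequestTag/{CLUSTER_TAG}": "true",    # "true"  = key must be absent
        f"aws:ResourceTag/{CLUSTER_TAG}": "false",  # "false" = key must be present
    }},
}

def context_keys(request_tags, resource_tags):
    """Build the condition context keys for one request."""
    keys = {f"aws:RequestTag/{k}": v for k, v in request_tags.items()}
    keys.update({f"aws:ResourceTag/{k}": v for k, v in resource_tags.items()})
    return keys

def failed_conditions(statement, ctx):
    """Return the Null condition keys that do not match (empty list = match)."""
    failed = []
    for key, want_absent in statement["Condition"]["Null"].items():
        is_absent = key not in ctx
        if is_absent != (want_absent == "true"):
            failed.append(key)
    return failed

def evaluate(statement, action, request_tags, resource_tags):
    """Allow only if the action matches and every condition key matches."""
    if action != statement["Action"]:
        return "ImplicitDeny", ["action not covered"]
    failed = failed_conditions(statement, context_keys(request_tags, resource_tags))
    return ("Allow" if not failed else "ImplicitDeny"), failed

# Constructed scenario 1: tagging at creation. The request carries the
# cluster tag and the target group has no tags yet.
AT_CREATE = evaluate(ADD_TAGS_STATEMENT, "elasticloadbalancing:AddTags",
                     {CLUSTER_TAG: "demo"}, {})
# Constructed scenario 2: later reconcile. The target group already carries
# the cluster tag and the request adds an unrelated tag.
AT_RECONCILE = evaluate(ADD_TAGS_STATEMENT, "elasticloadbalancing:AddTags",
                        {"team": "web"}, {CLUSTER_TAG: "demo"})

if __name__ == "__main__":
    print("create   :", AT_CREATE)
    print("reconcile:", AT_RECONCILE)
```

In this model both condition keys fail at creation time, while the same statement matches once the resource already carries the cluster tag.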