Update EC2 IAM Profile to least privilege required (#14417)

Change overly permissive IAM Profile from using wildcard in list of actions required. Explictly define the 4 required ec2:Associate* Realized while investigating issue #14383, though change does not resolve that issue
2 years ago · b29b310ff3
parent a103d8dd16
commit b29b310ff3
1 changed files with 5 additions and 2 deletions
--- a/docs/deploy-from-ansible.md
+++ b/docs/deploy-from-ansible.md
@ -170,9 +170,12 @@ Additional variables:
                "ec2:CreateVpc",
                "ec2:DescribeInternetGateways",
                "ec2:ModifyVpcAttribute",
-                "ec2:createTags",
+                "ec2:CreateTags",
                "ec2:CreateSubnet",
-                "ec2:Associate*",
+                "ec2:AssociateVpcCidrBlock",
+                "ec2:AssociateSubnetCidrBlock",
+                "ec2:AssociateRouteTable",
+                "ec2:AssociateAddress",
                "ec2:CreateRouteTable",
                "ec2:AttachInternetGateway",
                "ec2:DescribeRouteTables",