From 809c7404ab213768db22a6e87a3504f07a0aa3f2 Mon Sep 17 00:00:00 2001
From: Will Thames
Date: Fri, 25 May 2018 20:31:54 +1000
Subject: [PATCH] Add two missing VPC permissions (#37896)

Remove VPC permissions from network-policy.json as they mostly duplicate compute-policy.json permissions - separating the VPC and compute permissions would likely lead to further confusion.
---
 .../testing_policies/compute-policy.json | 2 ++
 .../testing_policies/network-policy.json | 15 ---------------
 2 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/hacking/aws_config/testing_policies/compute-policy.json b/hacking/aws_config/testing_policies/compute-policy.json
index b644d195f8..c9f31a4062 100644
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@@ -77,8 +77,10 @@
 "ec2:Describe*",
 "ec2:DisassociateAddress",
 "ec2:DisassociateRouteTable",
+ "ec2:DisassociateSubnetCidrBlock",
 "ec2:ImportKeyPair",
 "ec2:ModifyImageAttribute",
+ "ec2:ModifySubnetAttribute",
 "ec2:ModifyVpcAttribute",
 "ec2:RegisterImage",
 "ec2:ReleaseAddress",
diff --git a/hacking/aws_config/testing_policies/network-policy.json b/hacking/aws_config/testing_policies/network-policy.json
index d5035c7f67..a5f921be86 100644
--- a/hacking/aws_config/testing_policies/network-policy.json
+++ b/hacking/aws_config/testing_policies/network-policy.json
@@ -1,21 +1,6 @@
 {
 "Version": "2012-10-17",
 "Statement": [
- {
- "Sid": "ManageVPCsForRoute53Testing",
- "Effect": "Allow",
- "Action": [
- "ec2:CreateTags",
- "ec2:CreateVpc",
- "ec2:DeleteVpc",
- "ec2:DescribeTags",
- "ec2:DescribeVpcAttribute",
- "ec2:DescribeVpcClassicLink",
- "ec2:DescribeVpcs",
- "ec2:ModifyVpcAttribute"
- ],
- "Resource": "*"
- },
 {
 "Sid": "ManageRoute53ForTests",
 "Effect": "Allow",
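Review bot: The two actions added in the compute-policy.json hunk, `ec2:DisassociateSubnetCidrBlock` and `ec2:ModifySubnetAttribute`, both change subnet state, and the statement they join opens and closes outside this hunk, so its `Resource` and any `Condition` cannot be checked from here. If that statement uses `"Resource": "*"` with no condition, as the statement removed from network-policy.json did, the testing identity can alter any subnet in the account, not only the ones the tests create. Consider attaching this policy only in a dedicated test account, or bounding the statement with something like `"Condition": {"StringEquals": {"aws:RequestedRegion": "<test-region>"}}` (placeholder region). Because the commit message says the removed VPC statement only "mostly" duplicates compute-policy.json, it is also worth confirming that `ec2:CreateTags`, `ec2:CreateVpc` and `ec2:DeleteVpc` are granted there, which this hunk does not show.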