Add two missing VPC permissions (#37896)

Remove VPC permissions from network-policy.json as they mostly duplicate compute-policy.json permissions - separating the VPC and compute permissions would likely lead to further confusion.
6 years ago · 809c7404ab
parent 5dd3aa26ea
commit 809c7404ab
2 changed files with 2 additions and 15 deletions
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@ -77,8 +77,10 @@
                "ec2:Describe*",
                "ec2:DisassociateAddress",
                "ec2:DisassociateRouteTable",
+                "ec2:DisassociateSubnetCidrBlock",
                "ec2:ImportKeyPair",
                "ec2:ModifyImageAttribute",
+                "ec2:ModifySubnetAttribute",
                "ec2:ModifyVpcAttribute",
                "ec2:RegisterImage",
                "ec2:ReleaseAddress",
--- a/hacking/aws_config/testing_policies/network-policy.json
+++ b/hacking/aws_config/testing_policies/network-policy.json
@ -1,21 +1,6 @@
 {
    "Version": "2012-10-17",
    "Statement": [
-        {
-            "Sid": "ManageVPCsForRoute53Testing",
-            "Effect": "Allow",
-            "Action": [
-                "ec2:CreateTags",
-                "ec2:CreateVpc",
-                "ec2:DeleteVpc",
-                "ec2:DescribeTags",
-                "ec2:DescribeVpcAttribute",
-                "ec2:DescribeVpcClassicLink",
-                "ec2:DescribeVpcs",
-                "ec2:ModifyVpcAttribute"
-            ],
-            "Resource": "*"
-        },
        {
            "Sid": "ManageRoute53ForTests",
            "Effect": "Allow",