Merge pull request #5056 from openshift-cherrypick-robot/cherry-pick-…

…5045-to-release-4.8 Bug 1981548: [release-4.8] aws: move elastic ip permissions to create networking category
openshift · Aug 8, 2021 · 54c7628 · 54c7628
2 parents 499e2c5 + e660319
commit 54c7628
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/pkg/asset/installconfig/aws/permissions.go b/pkg/asset/installconfig/aws/permissions.go
@@ -38,8 +38,6 @@ var permissions = map[PermissionGroup][]string{
 	// Base set of permissions required for cluster creation
 	PermissionCreateBase: {
 		// EC2 related perms
-		"ec2:AllocateAddress",
-		"ec2:AssociateAddress",
 		"ec2:AuthorizeSecurityGroupEgress",
 		"ec2:AuthorizeSecurityGroupIngress",
 		"ec2:CopyImage",
@@ -79,7 +77,6 @@ var permissions = map[PermissionGroup][]string{
 		"ec2:GetEbsDefaultKmsKeyId",
 		"ec2:ModifyInstanceAttribute",
 		"ec2:ModifyNetworkInterfaceAttribute",
-		"ec2:ReleaseAddress",
 		"ec2:RevokeSecurityGroupEgress",
 		"ec2:RevokeSecurityGroupIngress",
 		"ec2:RunInstances",
@@ -196,7 +193,9 @@ var permissions = map[PermissionGroup][]string{
 	},
 	// Permissions required for creating network resources
 	PermissionCreateNetworking: {
+		"ec2:AllocateAddress",
 		"ec2:AssociateDhcpOptions",
+		"ec2:AssociateAddress",
 		"ec2:AssociateRouteTable",
 		"ec2:AttachInternetGateway",
 		"ec2:CreateDhcpOptions",
@@ -222,6 +221,7 @@ var permissions = map[PermissionGroup][]string{
 		"ec2:DeleteVpcEndpoints",
 		"ec2:DetachInternetGateway",
 		"ec2:DisassociateRouteTable",
+		"ec2:ReleaseAddress",
 		"ec2:ReplaceRouteTableAssociation",
 	},
 	// Permissions required for deleting a cluster with shared network resources