From 0557da50c284af4b67f20186de4b95db6cc3a583 Mon Sep 17 00:00:00 2001
From: Peter Rifel <pgrifel@gmail.com>
Date: Thu, 13 Feb 2020 11:10:38 -0600
Subject: [PATCH] Update IAM permissions for amazon-vpc-cni-k8s 1.6.0

---
 pkg/model/iam/iam_builder.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index 11676633f4dd4..9c7aca0cdf30a 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -871,16 +871,17 @@ func addAmazonVPCCNIPermissions(p *Policy, resource stringorslice.StringOrSlice,
 		&Statement{
 			Effect: StatementEffectAllow,
 			Action: stringorslice.Slice([]string{
-				"ec2:CreateNetworkInterface",
+				"ec2:AssignPrivateIpAddresses",
 				"ec2:AttachNetworkInterface",
+				"ec2:CreateNetworkInterface",
 				"ec2:DeleteNetworkInterface",
-				"ec2:DetachNetworkInterface",
-				"ec2:DescribeNetworkInterfaces",
 				"ec2:DescribeInstances",
+				"ec2:DescribeInstanceTypes",
+				"ec2:DescribeTags",
+				"ec2:DescribeNetworkInterfaces",
+				"ec2:DetachNetworkInterface",
 				"ec2:ModifyNetworkInterfaceAttribute",
-				"ec2:AssignPrivateIpAddresses",
 				"ec2:UnassignPrivateIpAddresses",
-				"tag:TagResources",
 			}),
 			Resource: resource,
 		},