Fix support for me-central-1 & panic from private Gitpod network #9

Merged
merged 5 commits into from
Oct 21, 2024

Conversation

@kylos101 kylos101 (Contributor) commented Oct 17, 2024

Description

  • t2.micro and t3a.micro are not supported in me-central-1 (ref).
  • The VPC endpoint policy prevents some API calls from working; when this happens, we encountered panics.

Related Issue(s)

Related to CLC-868
Fixes CLC-868
Slack

How to test

  1. No more panic from a network created by our private template when testing from catfood:
go run . diagnose
INFO[0000] ✅ Main Subnets are valid                     
INFO[0000] ✅ Pod Subnets are valid                      
INFO[0000] ℹ️  Checking prerequisites                   
ERRO[0000] Failed to list instances, please cleanup instances manually  error="operation error EC2: DescribeInstances, https response error StatusCode: 403, RequestID: fb146150-2680-4e39-bf08-7c872135a629, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::353572503587:assumed-role/AWSReservedSSO_EngineerAdmin_TestAccounts_3h_106ea01b127e40d3/kyle@gitpod.io is not authorized to perform: ec2:DescribeInstances because no VPC endpoint policy allows the ec2:DescribeInstances action"
INFO[0000] No roles found.                              
ERRO[0000] Failed to list security groups, please cleanup manually  error="operation error EC2: DescribeSecurityGroups, https response error StatusCode: 403, RequestID: bf6541aa-09eb-4a63-8c55-55d36c8c3584, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::353572503587:assumed-role/AWSReservedSSO_EngineerAdmin_TestAccounts_3h_106ea01b127e40d3/kyle@gitpod.io is not authorized to perform: ec2:DescribeSecurityGroups because no VPC endpoint policy allows the ec2:DescribeSecurityGroups action"
Error: ❌ failed to check prerequisites: operation error EC2: DescribeVpcEndpoints, https response error StatusCode: 403, RequestID: 11fbbe58-e0d7-4725-9062-3f8faa52afae, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::353572503587:assumed-role/AWSReservedSSO_EngineerAdmin_TestAccounts_3h_106ea01b127e40d3/kyle@gitpod.io is not authorized to perform: ec2:DescribeVpcEndpoints because no VPC endpoint policy allows the ec2:DescribeVpcEndpoints action
Usage:
  gitpod-network-check diagnose [flags]

Flags:
  -h, --help   help for diagnose

Global Flags:
      --config string          config file (default is ./gitpod-network-check.yaml)
      --https-hosts strings    Hosts to test for outbound HTTPS connectivity
      --log-level string       set log level verbosity (options: debug, info, error, warning) (default "info")
      --main-subnets strings   List of main subnets
      --pod-subnets strings    List of pod subnets
      --region string          AWS Region to create the cell in (default "eu-central-1")

FATA[0000] error in the cli. exiting                     error="❌ failed to check prerequisites: operation error EC2: DescribeVpcEndpoints, https response error StatusCode: 403, RequestID: 11fbbe58-e0d7-4725-9062-3f8faa52afae, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::353572503587:assumed-role/AWSReservedSSO_EngineerAdmin_TestAccounts_3h_106ea01b127e40d3/kyle@gitpod.io is not authorized to perform: ec2:DescribeVpcEndpoints because no VPC endpoint policy allows the ec2:DescribeVpcEndpoints action"
exit status 1
  2. use t3.micro from me-central-1 (notice it uses t3.micro; t2.micro and t3a.micro are not supported)
go run . diagnose
INFO[0000] ✅ Main Subnets are valid
INFO[0000] ✅ Pod Subnets are valid
INFO[0000] ℹ️  Checking prerequisites
INFO[0000] ✅ VPC endpoint com.amazonaws.me-central-1.ec2messages is configured
INFO[0001] ✅ VPC endpoint com.amazonaws.me-central-1.ssm is configured
INFO[0001] ✅ VPC endpoint com.amazonaws.me-central-1.ssmmessages is configured
INFO[0001] ✅ VPC endpoint com.amazonaws.me-central-1.execute-api is configured
INFO[0002] ✅ IAM role created and policy attached
INFO[0002] ℹ️  Launching EC2 instances in Main subnets
INFO[0003] ℹ️  Created security group with ID: sg-0d30764d969921308
INFO[0004] ℹ️  Instance type t3.micro shall be used
INFO[0010] ℹ️  Created security group with ID: sg-0dfdcd90b42f5f5f4
INFO[0011] ℹ️  Instance type t3.micro shall be used
INFO[0013] ℹ️  Main EC2 instances: [i-0111b38617521800c i-0521a339f1b711679]
INFO[0013] ℹ️  Launching EC2 instances in a Pod subnets
INFO[0014] ℹ️  Created security group with ID: sg-0e59286865349f237
INFO[0015] ℹ️  Instance type t3.micro shall be used
INFO[0018] ℹ️  Created security group with ID: sg-074d203a31493a694
INFO[0020] ℹ️  Instance type t3.micro shall be used
INFO[0022] ℹ️  Pod EC2 instances: [i-04c07570ddb37096f i-06f1dab32282259ce]
INFO[0022] ℹ️  Waiting for EC2 instances to become ready (can take up to 2 minutes)
INFO[0028] ✅ EC2 Instances are now running successfully
INFO[0028] ℹ️  Connecting to SSM...
INFO[0106] ℹ️  Checking if the required AWS Services can be reached from the ec2 instances
INFO[0109] ✅ Autoscaling is available
INFO[0110] ✅ CloudFormation is available
INFO[0112] ✅ CloudWatch is available
INFO[0113] ✅ EC2 is available
INFO[0114] ✅ EC2messages is available
INFO[0116] ✅ ECR is available
INFO[0117] ✅ ECR Api is available
INFO[0119] ✅ EKS is available
INFO[0120] ✅ Elastic LoadBalancing is available
INFO[0121] ✅ KMS is available
INFO[0123] ✅ Kinesis Firehose is available
INFO[0124] ✅ SSM is available
INFO[0126] ✅ SSMmessages is available
INFO[0127] ✅ SecretsManager is available
INFO[0128] ✅ Sts is available
INFO[0128] ℹ️  Checking if certain AWS Services can be reached from ec2 instances in the main subnet
INFO[0129] ✅ DynamoDB is available
INFO[0130] ✅ S3 is available
INFO[0132] ✅ Instances terminated
INFO[0132] Cleaning up: Waiting for 2 minutes so network interfaces are deleted

Documentation

/hold

The available types vary by region. T2 is the cheapest, but not always available. T3a is cheaper than T3 but uncommon. T3 is more expensive, but available in most regions.
@kylos101 kylos101 changed the title Fix panic on diagnose for private networks Fix support for me-central-1 & panic from private Gitpod network Oct 17, 2024
@kylos101 kylos101 marked this pull request as ready for review October 17, 2024 22:14
@kylos101 kylos101 requested review from a team as code owners October 17, 2024 22:14
@kylos101 kylos101 merged commit bb54dc0 into main Oct 21, 2024
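The two failure modes this PR deals with, a 403 that the caller's IAM role did not cause (the VPC endpoint policy refused the action before the request reached EC2) and a per-region instance type that does not exist, can both be handled without a panic. The following Go program is an added illustration written for this page; it is not code from the gitpod-network-check repository or from this PR. It does not import the AWS SDK so that it runs offline: the `apiError` interface is a local stand-in for the subset of `smithy.APIError` that AWS SDK for Go v2 errors satisfy, `SampleVPCEndpointDenial` is a constructed, trimmed copy of the message seen in the diagnose output above (with a placeholder account and role), the `list` callback stands in for `ec2.Client.DescribeInstances`, and the offering set passed to `PickInstanceType` is a constructed substitute for what `ec2:DescribeInstanceTypeOfferings` would return. The cheapest-first fallback order is my reading of the remark in this thread, not necessarily how the PR itself selects the type.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// apiError is the subset of smithy.APIError (github.com/aws/smithy-go) that AWS
// SDK for Go v2 errors satisfy. Declared locally so the example runs offline;
// assumption: the real SDK error value has these methods.
type apiError interface {
	error
	ErrorCode() string
	ErrorMessage() string
}

// ec2APIError is a constructed stand-in for the error value the SDK returns.
type ec2APIError struct{ Code, Message string }

func (e *ec2APIError) Error() string        { return "api error " + e.Code + ": " + e.Message }
func (e *ec2APIError) ErrorCode() string    { return e.Code }
func (e *ec2APIError) ErrorMessage() string { return e.Message }

// SampleVPCEndpointDenial rebuilds (constructed, trimmed, placeholder account) the
// failure from the diagnose output above, wrapped the way the SDK wraps it.
func SampleVPCEndpointDenial() error {
	inner := &ec2APIError{Code: "UnauthorizedOperation", Message: "You are not authorized to perform this operation. " +
		"User: arn:aws:sts::123456789012:assumed-role/Example/user is not authorized to perform: " +
		"ec2:DescribeInstances because no VPC endpoint policy allows the ec2:DescribeInstances action"}
	return fmt.Errorf("operation error EC2: DescribeInstances, https response error StatusCode: 403: %w", inner)
}

// DenyKind classifies why an EC2 call was refused.
type DenyKind int

const (
	NotDenied                 DenyKind = iota // some other failure (or no failure)
	DeniedByIAM                               // UnauthorizedOperation from the caller's IAM policies
	DeniedByVPCEndpointPolicy                 // UnauthorizedOperation because the endpoint policy omits the action
)

// ClassifyDeny unwraps err and, for an UnauthorizedOperation, tells an IAM deny
// apart from a VPC endpoint policy deny and extracts the refused action. The
// endpoint policy is evaluated before the request reaches the service, so a
// caller with full IAM rights can still be refused this way.
func ClassifyDeny(err error) (DenyKind, string) {
	var ae apiError
	if !errors.As(err, &ae) || ae.ErrorCode() != "UnauthorizedOperation" {
		return NotDenied, ""
	}
	msg := ae.ErrorMessage()
	action := ""
	if _, rest, ok := strings.Cut(msg, "is not authorized to perform: "); ok {
		if f := strings.Fields(rest); len(f) > 0 {
			action = f[0]
		}
	}
	if strings.Contains(msg, "no VPC endpoint policy allows") {
		return DeniedByVPCEndpointPolicy, action
	}
	return DeniedByIAM, action
}

// CleanupInstances runs a listing step the way a non-panicking cleanup should.
// list stands in for ec2.Client.DescribeInstances. On an authorization failure it
// returns a warning asking for manual cleanup and a nil error so later cleanup
// steps still run; the response is never read when err != nil, which is the
// usual way such a 403 turns into a nil-pointer panic.
func CleanupInstances(list func() ([]string, error)) (ids, warnings []string, err error) {
	ids, err = list()
	if err == nil {
		return ids, nil, nil
	}
	switch kind, action := ClassifyDeny(err); kind {
	case DeniedByVPCEndpointPolicy:
		return nil, []string{fmt.Sprintf("Failed to list instances, please cleanup instances manually: the VPC endpoint policy must allow %s", action)}, nil
	case DeniedByIAM:
		return nil, []string{fmt.Sprintf("Failed to list instances, please cleanup instances manually: the caller lacks %s", action)}, nil
	}
	return nil, nil, err
}

// PreferredInstanceTypes is ordered cheapest first, following the remark in this
// thread: t2 cheapest but not everywhere, t3a cheaper than t3 but uncommon,
// t3 offered in most regions.
var PreferredInstanceTypes = []string{"t2.micro", "t3a.micro", "t3.micro"}

// PickInstanceType returns the first preferred type present in offered, the set
// a caller would fill from ec2:DescribeInstanceTypeOfferings for the region.
func PickInstanceType(offered map[string]bool) (string, error) {
	for _, t := range PreferredInstanceTypes {
		if offered[t] {
			return t, nil
		}
	}
	return "", fmt.Errorf("none of %v is offered in this region", PreferredInstanceTypes)
}

func main() {
	_, warnings, err := CleanupInstances(func() ([]string, error) { return nil, SampleVPCEndpointDenial() })
	fmt.Println(warnings, err)
	// Constructed offering set standing in for me-central-1, where t2.micro and t3a.micro are absent.
	fmt.Println(PickInstanceType(map[string]bool{"t3.micro": true, "t3.small": true}))
}
```

The useful distinction for an operator is in the warning text: "no VPC endpoint policy allows" means the fix belongs on the endpoint's policy document, not on the caller's role, so an SSO administrator role (as in the run above) will keep getting 403s until the endpoint policy lists the `ec2:Describe*` actions the tool needs.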