fix: add missing permissions to runners IAM role (#437)

There were permissions missing from the IAM role used by the runners, as per the Packer documentation. This adds those missing permissions. Fixes: #436 Signed-off-by: Jaremy Hatler <hatler.jaremy@gmail.com>
jhatler · Jul 11, 2024 · cec1249 · cec1249
1 parent bd7ede9
commit cec1249
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/terraform/stacks/auth/runners.tf b/terraform/stacks/auth/runners.tf
@@ -36,28 +36,38 @@ data "aws_iam_policy_document" "runners_ec2" {
       "ec2:AttachVolume",
       "ec2:AuthorizeSecurityGroupIngress",
       "ec2:CopyImage",
+      "ec2:CreateFleet",
       "ec2:CreateImage",
       "ec2:CreateKeyPair",
+      "ec2:CreateLaunchTemplate",
       "ec2:CreateSecurityGroup",
       "ec2:CreateSnapshot",
       "ec2:CreateTags",
       "ec2:CreateVolume",
       "ec2:DeleteKeyPair",
+      "ec2:DeleteLaunchTemplate",
       "ec2:DeleteSecurityGroup",
       "ec2:DeleteSnapshot",
       "ec2:DeleteVolume",
       "ec2:DeregisterImage",
+      "ec2:DescribeFastLaunchImages",
       "ec2:DescribeImageAttribute",
       "ec2:DescribeImages",
       "ec2:DescribeInstances",
       "ec2:DescribeInstanceStatus",
+      "ec2:DescribeInstanceTypeOfferings",
+      "ec2:DescribeLaunchTemplates",
       "ec2:DescribeRegions",
       "ec2:DescribeSecurityGroups",
       "ec2:DescribeSnapshots",
+      "ec2:DescribeSpotPriceHistory",
       "ec2:DescribeSubnets",
       "ec2:DescribeTags",
       "ec2:DescribeVolumes",
+      "ec2:DescribeVpcs",
       "ec2:DetachVolume",
+      "ec2:EnableFastLaunch",
+      "ec2:EnableImageDeprecation",
       "ec2:GetPasswordData",
       "ec2:ModifyImageAttribute",
       "ec2:ModifyInstanceAttribute",