From 64adbfa61b0b08b2a50bdc3424f065952fdbf30e Mon Sep 17 00:00:00 2001
From: Gavin Frazar
Date: Mon, 15 Jul 2024 18:00:07 -0700
Subject: [PATCH] update aws oidc db enrollment role permissions
---
 lib/cloud/aws/policy_statements.go | 2 ++
 .../teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/cloud/aws/policy_statements.go b/lib/cloud/aws/policy_statements.go
index ead15df770078..07b890ea99aa0 100644
--- a/lib/cloud/aws/policy_statements.go
+++ b/lib/cloud/aws/policy_statements.go
@@ -219,6 +219,8 @@ func StatementForListRDSDatabases() *Statement {
 "rds:DescribeDBInstances",
 "rds:DescribeDBClusters",
 "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
 },
 Resources: allResources,
 }
diff --git a/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx b/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx
index 71d1f57364af6..26201a6ea5b69 100644
--- a/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx
+++ b/web/packages/teleport/src/Discover/Shared/Aws/ConfigureIamPerms.tsx
@@ -142,7 +142,9 @@ export function ConfigureIamPerms({
 "Action": [
 "rds:DescribeDBInstances",
 "rds:DescribeDBClusters",
- "ec2:DescribeSecurityGroups"
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs"
 ],
 "Resource": "*"
 }
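Review bot: The two added EC2 actions widen a statement whose name, StatementForListRDSDatabases, says it only lists RDS databases, and nothing in the hunk records why subnet and VPC reads are needed. A reviewer checking least privilege on the OIDC enrollment role has to find the caller to justify them. I would add a comment above the new entries, for example `// ec2:DescribeSubnets, ec2:DescribeVpcs: read-only; needed by DB enrollment (name the calling code path here)`, and extend the function's doc comment if it lists the granted actions. `Resources: allResources` looks unavoidable for these Describe calls, which as far as I know do not accept resource-level restrictions, so the comment could say that too. The function begins above the hunk, so its existing doc comment is not visible here.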
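Review bot: The action list in this JSON preview is a hand-maintained copy of the Go statement in lib/cloud/aws/policy_statements.go, so the policy an administrator reads and approves in the UI can silently drift from the one actually attached to the role. This commit had to touch both files for exactly that reason. A comment beside the snippet such as `// keep in sync with StatementForListRDSDatabases in lib/cloud/aws/policy_statements.go` would make the coupling explicit. A test that compares the rendered actions against the backend list would catch a future mismatch. ConfigureIamPerms starts and ends outside the hunk, so how the snippet is rendered is not visible here.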