feat: add iam policy for aws vpc peering (#37)

Co-authored-by: Benjamin Nelson <[email protected]>
streamnative · Oct 9, 2023 · b67eeae · b67eeae
1 parent 44c9ca7
commit b67eeae
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/modules/aws/files/bootstrap_role_iam_policy.json.tpl b/modules/aws/files/bootstrap_role_iam_policy.json.tpl
@@ -218,6 +218,9 @@
         "ec2:CreateSubnet",
         "ec2:CreateTags",
         "ec2:CreateVpcEndpoint",
+        "ec2:DescribeVpcPeeringConnections",
+        "ec2:CreateVpcPeeringConnection",
+        "ec2:DeleteVpcPeeringConnection",
         "ec2:Detach*",
         "ec2:Release*",
         "ec2:Revoke*",
@@ -244,6 +247,22 @@
         }
       }
     },
+    {
+      "Sid": "AcceptVpcPeering",
+      "Effect": "Allow",
+      "Action": [
+        "ec2:AcceptVpcPeeringConnection"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "EndpointConnectionAccess",
+      "Effect": "Allow",
+      "Action": [
+        "ec2:*VpcEndpointConnections"
+      ],
+      "Resource": "*"
+    }
     {
       "Sid": "SSMStop",
       "Effect": "Allow",

diff --git a/modules/aws/variables.tf b/modules/aws/variables.tf
@@ -16,7 +16,7 @@
 
 variable "sn_policy_version" {
   description = "The value of SNVersion tag"
-  default     = "3.4.0"    # x-release-please-version
+  default     = "3.6.0"    # x-release-please-version
   type        = string
 }