Merge pull request #77511 from bscott-rh/OSDOCS-10900

bscott-rh · web-flow · commit d48583a9950d · 2024-06-18T10:30:54.000-04:00
OSDOCS-10900 adding new required permissions for AWS install
diff --git a/modules/installation-aws-permissions.adoc b/modules/installation-aws-permissions.adoc
@@ -46,6 +46,7 @@ cluster, the IAM user requires the following permissions:
 * `ec2:DescribeNetworkAcls`
 * `ec2:DescribeNetworkInterfaces`
 * `ec2:DescribePrefixLists`
+* `ec2:DescribePublicIpv4Pools` (only required if `publicIpv4Pool` is specified in `install-config.yaml`)
 * `ec2:DescribeRegions`
 * `ec2:DescribeRouteTables`
 * `ec2:DescribeSecurityGroupRules`
@@ -58,6 +59,7 @@ cluster, the IAM user requires the following permissions:
 * `ec2:DescribeVpcClassicLinkDnsSupport`
 * `ec2:DescribeVpcEndpoints`
 * `ec2:DescribeVpcs`
+* `ec2:DisassociateAddress` (only required if `publicIpv4Pool` is specified in `install-config.yaml`)
 * `ec2:GetEbsDefaultKmsKeyId`
 * `ec2:ModifyInstanceAttribute`
 * `ec2:ModifyNetworkInterfaceAttribute`
@@ -119,6 +121,7 @@ If you use an existing Virtual Private Cloud (VPC), your account does not requir
 * `elasticloadbalancing:RegisterInstancesWithLoadBalancer`
 * `elasticloadbalancing:RegisterTargets`
 * `elasticloadbalancing:SetLoadBalancerPoliciesOfListener`
+* `elasticloadbalancing:SetSecurityGroups`
 
 [IMPORTANT]
 =====
@@ -192,6 +195,7 @@ If you have not created a load balancer in your AWS account, the IAM user also r
 * `s3:GetReplicationConfiguration`
 * `s3:ListBucket`
 * `s3:PutBucketAcl`
+* `s3:PutBucketPolicy`
 * `s3:PutBucketTagging`
 * `s3:PutEncryptionConfiguration`
 ====
