Merge pull request #7658 from mikesplain/automated-cherry-pick-of-#75…

…80-origin-release-1.15

Automated cherry pick of #7580: Updating master IAM policies.

pkg/model/iam/iam_builder.go

@@ -629,12 +629,14 @@ func addMasterEC2Policies(p *Policy, resource stringorslice.StringOrSlice, legac
 			&Statement{
 				Effect: StatementEffectAllow,
 				Action: stringorslice.Slice([]string{
-					"ec2:DescribeInstances",      // aws.go
-					"ec2:DescribeRegions",        // s3context.go
-					"ec2:DescribeRouteTables",    // aws.go
-					"ec2:DescribeSecurityGroups", // aws.go
-					"ec2:DescribeSubnets",        // aws.go
-					"ec2:DescribeVolumes",        // aws.go
+					"ec2:DescribeAccountAttributes", // aws.go
+					"ec2:DescribeInstances",         // aws.go
+					"ec2:DescribeInternetGateways",  // aws.go
+					"ec2:DescribeRegions",           // s3context.go
+					"ec2:DescribeRouteTables",       // aws.go
+					"ec2:DescribeSecurityGroups",    // aws.go
+					"ec2:DescribeSubnets",           // aws.go
+					"ec2:DescribeVolumes",           // aws.go
 				}),
 				Resource: resource,
 			},

pkg/model/iam/tests/iam_builder_master_strict.json

@@ -4,7 +4,9 @@
     {
       "Effect": "Allow",
       "Action": [
+        "ec2:DescribeAccountAttributes",
         "ec2:DescribeInstances",
+        "ec2:DescribeInternetGateways",
         "ec2:DescribeRegions",
         "ec2:DescribeRouteTables",
         "ec2:DescribeSecurityGroups",

pkg/model/iam/tests/iam_builder_master_strict_ecr.json

@@ -4,7 +4,9 @@
     {
       "Effect": "Allow",
       "Action": [
+        "ec2:DescribeAccountAttributes",
         "ec2:DescribeInstances",
+        "ec2:DescribeInternetGateways",
         "ec2:DescribeRegions",
         "ec2:DescribeRouteTables",
         "ec2:DescribeSecurityGroups",