From 03e18d37afccd4f3cc7deb9bbe88a1da85159952 Mon Sep 17 00:00:00 2001
From: Kashif Saadat
Date: Fri, 10 Aug 2018 16:47:20 +0100
Subject: [PATCH] Add AWS IAM permission to check for volume resize
---
 pkg/model/iam/iam_builder.go | 11 ++++++-----
 pkg/model/iam/tests/iam_builder_master_strict.json | 1 +
 .../iam/tests/iam_builder_master_strict_ecr.json | 1 +
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index 8ce82aed78eeb..ae0ebde9bb7c5 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -631,11 +631,12 @@ func addMasterEC2Policies(p *Policy, resource stringorslice.StringOrSlice, legac
 &Statement{
 Effect: StatementEffectAllow,
 Action: stringorslice.Slice([]string{
- "ec2:CreateSecurityGroup", // aws.go
- "ec2:CreateTags", // aws.go, tag.go
- "ec2:CreateVolume", // aws.go
- "ec2:ModifyInstanceAttribute", // aws.go
- "ec2:ModifyVolume", // aws.go
+ "ec2:CreateSecurityGroup", // aws.go
+ "ec2:CreateTags", // aws.go, tag.go
+ "ec2:CreateVolume", // aws.go
+ "ec2:DescribeVolumesModifications", // aws.go
+ "ec2:ModifyInstanceAttribute", // aws.go
+ "ec2:ModifyVolume", // aws.go
 }),
 Resource: resource,
 },
diff --git a/pkg/model/iam/tests/iam_builder_master_strict.json b/pkg/model/iam/tests/iam_builder_master_strict.json
index 0a6184e91414b..4817ba5cb0093 100644
--- a/pkg/model/iam/tests/iam_builder_master_strict.json
+++ b/pkg/model/iam/tests/iam_builder_master_strict.json
@@ -21,6 +21,7 @@
 "ec2:CreateSecurityGroup",
 "ec2:CreateTags",
 "ec2:CreateVolume",
+ "ec2:DescribeVolumesModifications",
 "ec2:ModifyInstanceAttribute",
 "ec2:ModifyVolume"
 ],
diff --git a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
index 5ee29e0c3d59f..11170f5c71839 100644
--- a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
+++ b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
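Review bot: In the addMasterEC2Policies hunk of pkg/model/iam/iam_builder.go, the read-only `ec2:DescribeVolumesModifications` is added to the statement that otherwise holds mutating actions (`ec2:CreateVolume`, `ec2:ModifyVolume`, ...) and is bound to `Resource: resource`. EC2 Describe* actions do not support resource-level permissions, so this grant only takes effect while `resource` resolves to `*`; if that value is ever narrowed to tighten the write actions, the resize check would start failing with an authorization error. The function starts and ends outside the hunk, so I cannot see whether it already has a describe-only statement; if it does, the action belongs there, which also keeps the list of write permissions easy to audit. The trailing comment could say what the permission is for, e.g. `"ec2:DescribeVolumesModifications", // aws.go, volume resize check`.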
@@ -21,6 +21,7 @@
 "ec2:CreateSecurityGroup",
 "ec2:CreateTags",
 "ec2:CreateVolume",
+ "ec2:DescribeVolumesModifications",
 "ec2:ModifyInstanceAttribute",
 "ec2:ModifyVolume"
 ],