Allow associating additional CIDR blocks to VPC (#26)

* Allow associating additional VPC CIDR blocks to VPC * Also add to provisioner
unionai · Mar 15, 2024 · d1af56f · d1af56f
1 parent 9e6e997
commit d1af56f
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/union-ai-admin/aws/gen/unionai-provisioner-role.template.yaml b/union-ai-admin/aws/gen/unionai-provisioner-role.template.yaml
@@ -78,6 +78,7 @@ Resources:
               - ec2:DeleteFlowLogs
               - ec2:CreateFlowLogs
               - ec2:CreateVpc
+              - ec2:AssociateVpcCidrBlock
               - ec2:ReleaseAddress
               - ec2:CreateTags
               - ec2:RunInstances

diff --git a/union-ai-admin/aws/script/generate.py b/union-ai-admin/aws/script/generate.py
@@ -546,6 +546,7 @@ def create_provisioner_policy(role_type):
                         Action("ec2", "DeleteFlowLogs"),
                         Action("ec2", "CreateFlowLogs"),
                         Action("ec2", "CreateVpc"),
+                        Action("ec2", "AssociateVpcCidrBlock"),
                         Action("ec2", "ReleaseAddress"),
                         Action("ec2", "CreateTags"),
                         Action("ec2", "RunInstances"),

diff --git a/union-ai-admin/aws/union-ai-admin-role.template.yaml b/union-ai-admin/aws/union-ai-admin-role.template.yaml
@@ -187,6 +187,7 @@ Resources:
               - 'ec2:DeleteVpc'
               - 'ec2:CreateSubnet'
               - 'ec2:DescribeVpcAttribute'
+              - 'ec2:AssociateVpcCidrBlock'
             Resource:
               - !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:vpc/*'
           - Sid: VisualEditor9