Merge branch 'master' into opensearch

mattclay · Jan 28, 2022 · b677f4a · b677f4a
2 parents 4412fea + 7c0b8ea
commit b677f4a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/aws/policy/compute.yaml b/aws/policy/compute.yaml
@@ -65,11 +65,13 @@ Statement:
       - ec2:CreateKeyPair
       - ec2:CreateLaunchTemplate
       - ec2:CreateLaunchTemplateVersion
+      - ec2:CreatePlacementGroup
       - ec2:CreateSnapshot
       - ec2:CreateTags
       - ec2:DeleteKeyPair
       - ec2:DeleteLaunchTemplate
       - ec2:DeleteLaunchTemplateVersions
+      - ec2:DeletePlacementGroup
       - ec2:DeleteSnapshot
       - ec2:DeleteTags
       - ec2:DeregisterImage

diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml
@@ -103,6 +103,9 @@ Statement:
       - rds:DeleteDBClusterSnapshot
       - rds:CreateDBSnapshot
       - rds:DeleteDBSnapshot
+      - rds:DescribeExportTasks
+      - rds:StartExportTask
+      - rds:CancelExportTask
     Resource:
       - 'arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
       - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table/*'

diff --git a/aws/policy/security-services.yaml b/aws/policy/security-services.yaml
@@ -155,6 +155,7 @@ Statement:
       - 'arn:aws:iam::{{ aws_account_id }}:role/ansible-test-*'
       # This is hard coded into DMS...
       - 'arn:aws:iam::{{ aws_account_id }}:role/dms-vpc-role'
+      - 'arn:aws:iam::{{ aws_account_id }}:role/rds_export_task'
   # This allows AWS Services to autmatically create their Default Service Linked Roles
   # These have fixed policies and can only be assumed by the service itself.
   - Sid: AllowServiceLinkedRoleCreation