From 77b852c058d4e16764f353a761050d06a4302762 Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 25 Mar 2026 13:47:27 -0400
Subject: [PATCH] * 1.6.1 -- 2026-03-25 - policies/sc-servicecatalog-t2 - granted select ec2 permissions
---
 CHANGELOG.md | 4 ++++
 common/version.tf | 2 +-
 policies/sc-servicecatalog-t2/policy.tf | 22 ++++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5055ff9..c03df1a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -81,3 +81,7 @@
 - created policies
 - policies/sc-readonly
 - included AWSSupportAccess in this policy
+
+* 1.6.1 -- 2026-03-25
+ - policies/sc-servicecatalog-t2
+ - granted select ec2 permissions
diff --git a/common/version.tf b/common/version.tf
index 2cc7061..78e6e8d 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "1.6.0"
+ _module_version = "1.6.1"
 }
diff --git a/policies/sc-servicecatalog-t2/policy.tf b/policies/sc-servicecatalog-t2/policy.tf
index 425ab7f..77c67fb 100644
--- a/policies/sc-servicecatalog-t2/policy.tf
+++ b/policies/sc-servicecatalog-t2/policy.tf
@@ -10,4 +10,26 @@ data "aws_iam_policy_document" "inline" {
 ]
 resources = ["*"]
 }
+ statement {
+ sid = "EC2Actions"
+ effect = "Allow"
+ actions = [
+ "ec2:StopInstances",
+ "ec2:StartInstances",
+ "ec2:RunInstances",
+ "ec2:RebootInstances",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:DescribeVolumesModifications",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeVolumeStatus",
+ "ec2:DescribeVolumeAttribute",
+ "ec2:DescribeTags",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSecurityGroupRules",
+ "ec2:AssociateSecurityGroupVpc",
+ "ec2:GetSecurityGroupsForVpc",
+ ]
+ resources = ["*"]
+ }
 }
+
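Review bot: The new `EC2Actions` statement in policies/sc-servicecatalog-t2/policy.tf allows the mutating calls `ec2:RunInstances`, `ec2:StopInstances`, `ec2:StartInstances`, `ec2:RebootInstances`, `ec2:ModifyInstanceAttribute` and `ec2:AssociateSecurityGroupVpc` on `resources = ["*"]` with no `condition` block, so the grant covers every instance in the account, not only those belonging to Service Catalog products. `ec2:ModifyInstanceAttribute` is the widest of these, because it covers attributes such as security groups and user data on instances this role does not own. The `Describe*` and `Get*` actions do need `"*"`, so I would keep them in one statement and move the lifecycle actions into a second statement scoped to instance ARNs with a tag condition, as sketched below with placeholder tag names. `ec2:RunInstances` spans several resource types and probably needs its own statement. The enclosing `data "aws_iam_policy_document" "inline"` block starts above the hunk, so restrictions defined elsewhere in the document are not visible here.

```hcl
  statement {
    sid    = "EC2Describe"
    effect = "Allow"
    actions = [
      # … unchanged: the ec2:Describe* actions and ec2:GetSecurityGroupsForVpc …
    ]
    resources = ["*"]
  }
  statement {
    sid    = "EC2InstanceLifecycle"
    effect = "Allow"
    actions = [
      "ec2:StopInstances",
      "ec2:StartInstances",
      "ec2:RebootInstances",
      "ec2:ModifyInstanceAttribute",
    ]
    # Constructed ARN pattern; adjust partition and resource types to what the product needs.
    resources = ["arn:aws:ec2:*:*:instance/*"]
    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/<TAG_KEY_PLACEHOLDER>"
      values   = ["<TAG_VALUE_PLACEHOLDER>"]
    }
  }
  # ec2:RunInstances and ec2:AssociateSecurityGroupVpc: separate statements, scoped per resource type
```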