From 92d05ae6760713d79bc2462452565e37035788a1 Mon Sep 17 00:00:00 2001
From: Glenn Schlereth
Date: Fri, 4 Feb 2022 16:45:15 -0300
Subject: [PATCH] Update EC2 IAM Profile to least privilege required

Change overly permissive IAM Profile from using wildcard in list of actions required. Explictly define the 4 required ec2:Associate* Realized while investigating issue #14383, though change does not resolve that issue
---
 docs/deploy-from-ansible.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/deploy-from-ansible.md b/docs/deploy-from-ansible.md
index 5bcb87d..15a486b 100644
--- a/docs/deploy-from-ansible.md
+++ b/docs/deploy-from-ansible.md
@@ -170,9 +170,12 @@ Additional variables:
 "ec2:CreateVpc",
 "ec2:DescribeInternetGateways",
 "ec2:ModifyVpcAttribute",
- "ec2:createTags",
+ "ec2:CreateTags",
 "ec2:CreateSubnet",
- "ec2:Associate*",
+ "ec2:AssociateVpcCidrBlock",
+ "ec2:AssociateSubnetCidrBlock",
+ "ec2:AssociateRouteTable",
+ "ec2:AssociateAddress",
 "ec2:CreateRouteTable",
 "ec2:AttachInternetGateway",
 "ec2:DescribeRouteTables",