Added detachvolume for BYOVPC (#311)

Added the following actions for cross-account role:

* ec2:AllocateAddress 
* ec2:CreateNatGateway
* ec2:CreateRouteTable
* ec2:CreateVpcEndpoint
* ec2:DeleteDhcpOptions
* ec2:DeleteNatGateway
* ec2:DeleteVpcEndpoints
* ec2:DescribeNatGateways
* ec2:DisassociateRouteTable
* ec2:ReleaseAddress
* ec2:DetachVolume

Author: stikkireddy

access/data_aws_policies.go

@@ -89,6 +89,17 @@ func DataAwsCrossAccountRolicy() *schema.Resource {
 							"ec2:CreatePlacementGroup",
 							"ec2:DeletePlacementGroup",
 							"ec2:DescribePlacementGroups",
+							"ec2:AllocateAddress",
+							"ec2:CreateNatGateway",
+							"ec2:CreateRouteTable",
+							"ec2:CreateVpcEndpoint",
+							"ec2:DeleteDhcpOptions",
+							"ec2:DeleteNatGateway",
+							"ec2:DeleteVpcEndpoints",
+							"ec2:DescribeNatGateways",
+							"ec2:DisassociateRouteTable",
+							"ec2:ReleaseAddress",
+							"ec2:DetachVolume",
 						},
 						Resources: "*",
 					},

access/data_aws_policies_test.go

@@ -16,7 +16,7 @@ func TestDataAwsCrossAccountRolicy(t *testing.T) {
 	}.Apply(t)
 	assert.NoError(t, err)
 	j := d.Get("json")
-	assert.Lenf(t, j, 2401, "Strange length for policy: %s", j)
+	assert.Lenf(t, j, 2759, "Strange length for policy: %s", j)
 }
 
 func TestDataAwsCrossAccountRolicy_WithPassRoles(t *testing.T) {
@@ -29,7 +29,7 @@ func TestDataAwsCrossAccountRolicy_WithPassRoles(t *testing.T) {
 	}.Apply(t)
 	assert.NoError(t, err)
 	j := d.Get("json")
-	assert.Lenf(t, j, 2537, "Strange length for policy: %s", j)
+	assert.Lenf(t, j, 2895, "Strange length for policy: %s", j)
 }
 
 func TestDataAwsAssumeRolePolicy(t *testing.T) {