fix: add missing IAM action for emptyRoutesDefaultVPCSecurityGroup option

Author: darkweaver87

cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go

@@ -148,6 +148,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 				"ec2:ModifyNetworkInterfaceAttribute",
 				"ec2:ModifySubnetAttribute",
 				"ec2:ReleaseAddress",
+				"ec2:RevokeSecurityGroupEgress",
 				"ec2:RevokeSecurityGroupIngress",
 				"ec2:RunInstances",
 				"ec2:TerminateInstances",

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml

@@ -208,6 +208,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml

@@ -208,6 +208,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml

@@ -214,6 +214,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml

@@ -208,6 +208,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml

@@ -214,6 +214,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml

@@ -214,6 +214,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml

@@ -208,6 +208,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml

@@ -208,6 +208,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml

@@ -208,6 +208,7 @@ Resources:
           - ec2:ModifyNetworkInterfaceAttribute
           - ec2:ModifySubnetAttribute
           - ec2:ReleaseAddress
+          - ec2:RevokeSecurityGroupEgress
           - ec2:RevokeSecurityGroupIngress
           - ec2:RunInstances
           - ec2:TerminateInstances