OCPBUGS-25440: ic: aws: add iam:TagInstanceProfile permission

r4f4 · r4f4 · commit d3dadf12a086 · 2023-12-15T09:48:56.000+01:00
requirement Since #7510, IPI installs fail if the permission is missing: ``` level=error msg=Error: creating IAM Instance Profile (ci-op-4hw2rz1v-49c30-zt9vx-worker-profile): AccessDenied: User: arn:aws:iam::301721915996:user/ci-op-4hw2rz1v-49c30-minimal-perm is not authorized to perform: iam:TagInstanceProfile on resource: arn:aws:iam::301721915996:instance-profile/ci-op-4hw2rz1v-49c30-zt9vx-worker-profile because no identity-based policy allows the iam:TagInstanceProfile action ```
diff --git a/pkg/asset/installconfig/aws/permissions.go b/pkg/asset/installconfig/aws/permissions.go
@@ -136,6 +136,7 @@ var permissions = map[PermissionGroup][]string{
 		"iam:PutRolePolicy",
 		"iam:RemoveRoleFromInstanceProfile",
 		"iam:SimulatePrincipalPolicy",
+		"iam:TagInstanceProfile",
 		"iam:TagRole",
 
 		// Route53 related perms
