@@ -14,8 +14,6 @@ cluster, the IAM user requires the following permissions:
1414.Required EC2 permissions for installation
1515[%collapsible]
1616====
17- * `ec2:AllocateAddress`
18- * `ec2:AssociateAddress`
1917* `ec2:AuthorizeSecurityGroupEgress`
2018* `ec2:AuthorizeSecurityGroupIngress`
2119* `ec2:CopyImage`
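Review bot: confirm that an installation into an existing VPC never allocates or associates an Elastic IP, because with `ec2:AllocateAddress` and `ec2:AssociateAddress` dropped from the base "Required EC2 permissions for installation" list (old lines 17-18), a reader who skips the network-resources list will no longer grant them. If the installer can still call either action in that case, keep them here or say in the network-resources block which installs need them.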
@@ -57,7 +55,6 @@ cluster, the IAM user requires the following permissions:
5755* `ec2:GetEbsDefaultKmsKeyId`
5856* `ec2:ModifyInstanceAttribute`
5957* `ec2:ModifyNetworkInterfaceAttribute`
60- * `ec2:ReleaseAddress`
6158* `ec2:RevokeSecurityGroupEgress`
6259* `ec2:RevokeSecurityGroupIngress`
6360* `ec2:RunInstances`
@@ -67,6 +64,8 @@ cluster, the IAM user requires the following permissions:
6764.Required permissions for creating network resources during installation
6865[%collapsible]
6966====
67+ * `ec2:AllocateAddress`
68+ * `ec2:AssociateAddress`
7069* `ec2:AssociateDhcpOptions`
7170* `ec2:AssociateRouteTable`
7271* `ec2:AttachInternetGateway`
@@ -230,6 +229,7 @@ If you have not created an elastic load balancer (ELB) in your AWS account, the
230229* `ec2:DeleteVpcEndpoints`
231230* `ec2:DetachInternetGateway`
232231* `ec2:DisassociateRouteTable`
232+ * `ec2:ReleaseAddress`
233233* `ec2:ReplaceRouteTableAssociation`
234234
235235[NOTE]
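Review bot: the added `ec2:ReleaseAddress` (new line 232) now falls under the [NOTE] that follows this list, which begins "If you use an existing VPC, your account does not require these permissions", so the text now tells existing-VPC users they can omit it. Verify that deleting such a cluster never has to release an address the installer allocated; if it can, the note needs an exception for this permission.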
@@ -238,6 +238,12 @@ If you use an existing VPC, your account does not require these permissions to d
238238=====
239239====
240240
241+ .Required permissions to delete a cluster with shared instance roles
242+ [%collapsible]
243+ ====
244+ * `iam:UntagRole`
245+ ====
246+
241247.Additional IAM and S3 permissions that are required to create manifests
242248[%collapsible]
243249====
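Review bot: the new collapsible block at lines 241-245 lists `iam:UntagRole` with no sentence explaining what a shared instance role is or when this deletion case applies, unlike the network-deletion block above, which carries a [NOTE] stating its condition. Add a one-line description or NOTE saying which clusters need it, and state whether the permission can be limited to the shared roles rather than granted on every role in the account.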