From cff13e3f4bfcaad18e47922b7bdac9f0376167f5 Mon Sep 17 00:00:00 2001
From: Roohi
Date: Thu, 7 Mar 2024 11:48:49 -0800
Subject: [PATCH] DWX-17748 Modify cdw-policies to support DescribeInstanceTypes operation
---
 aws-iam-policies/docs/restricted-policy-doc-1.json5 | 5 ++++-
 aws-iam-policies/reduced-permissions-mode.json | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/aws-iam-policies/docs/restricted-policy-doc-1.json5 b/aws-iam-policies/docs/restricted-policy-doc-1.json5
index 09e4d02..e59d473 100644
--- a/aws-iam-policies/docs/restricted-policy-doc-1.json5
+++ b/aws-iam-policies/docs/restricted-policy-doc-1.json5
@@ -198,10 +198,13 @@
 "ec2:CreateTags",
 // Tag subnets and eks security group
 // See footnote 2
- "ec2:CreateKeyPair"
+ "ec2:CreateKeyPair",
 // Create ssh Public key pair, pass to ec2
 // instances. Not required if passed/set/
 // reused via CB
+ "ec2:DescribeInstanceTypes"
+ // validate whether instance type is supported in a
+ // region or not
 ],
 "Resource": "*"
 },
diff --git a/aws-iam-policies/reduced-permissions-mode.json b/aws-iam-policies/reduced-permissions-mode.json
index db9a704..0d0a069 100644
--- a/aws-iam-policies/reduced-permissions-mode.json
+++ b/aws-iam-policies/reduced-permissions-mode.json
@@ -140,6 +140,7 @@
 "ec2:DescribeSubNets",
 "ec2:DescribeVpcAttribute",
 "ec2:DescribeVpcs",
+ "ec2:DescribeInstanceTypes",
 "iam:ListAttachedRolePolicies",
 "iam:SimulatePrincipalPolicy",
 "s3:GetBucketLocation",
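Review bot: In `reduced-permissions-mode.json` the new `"ec2:DescribeInstanceTypes",` is appended after `"ec2:DescribeVpcs",`, which breaks the alphabetical order the visible neighbours follow (`ec2:DescribeSubNets`, `ec2:DescribeVpcAttribute`, `ec2:DescribeVpcs`, then `iam:…`). Moving it to its sorted position among the `ec2:Describe*` entries, which lies above this hunk, keeps the action list easy to audit for duplicates and unintended grants. The statement's `Effect`, `Resource` and any `Condition` are outside the hunk, so the scope of the grant cannot be confirmed from here; the action is read-only and EC2 `Describe*` calls do not take resource-level restrictions, so a `"Resource": "*"` statement is the expected place for it. If `docs/restricted-policy-doc-1.json5` annotates a policy JSON other than this file, that policy is not in the diffstat and would still lack the action the doc now lists.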