[Policies] Add ec2:DeleteTags to the pcluster user role as required by workflows updating the head node instance.

gmarciani · gmarciani · commit d153564ccad0 · 2024-04-10T13:26:24.000+02:00
The permissions has been added to the public CFN template for permissions and in the role assumed by the test framework

Signed-off-by: Giacomo Marciani &lt;mgiacomo@amazon.com&gt;
diff --git a/cloudformation/policies/parallelcluster-policies.yaml b/cloudformation/policies/parallelcluster-policies.yaml
@@ -362,6 +362,7 @@ Resources:
               - ec2:CreateSecurityGroup
               - ec2:CreateSnapshot
               - ec2:CreateTags
+              - ec2:DeleteTags
               - ec2:CreateVolume
               - ec2:DeleteLaunchTemplate
               - ec2:DeleteNetworkInterface
diff --git a/tests/iam_policies/user-role.cfn.yaml b/tests/iam_policies/user-role.cfn.yaml
@@ -303,6 +303,7 @@ Resources:
               - ec2:CreateSecurityGroup
               - ec2:CreateSnapshot
               - ec2:CreateTags
+              - ec2:DeleteTags
               - ec2:CreateVolume
               - ec2:DeleteLaunchTemplate
               - ec2:DeleteNetworkInterface
