✨ edge subnets/clusteradm/policy: add Carrier Gateway operations

Add IAM policy on cloudformation templates for clusterawsadm to
manipulate gateways in Wavelength zone: carrier gateway.

Author: mtulio

cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go

@@ -92,6 +92,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 				"ec2:AssociateRouteTable",
 				"ec2:AttachInternetGateway",
 				"ec2:AuthorizeSecurityGroupIngress",
+				"ec2:CreateCarrierGateway",
 				"ec2:CreateInternetGateway",
 				"ec2:CreateEgressOnlyInternetGateway",
 				"ec2:CreateNatGateway",
@@ -105,6 +106,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 				"ec2:CreateVpcEndpoint",
 				"ec2:ModifyVpcAttribute",
 				"ec2:ModifyVpcEndpoint",
+				"ec2:DeleteCarrierGateway",
 				"ec2:DeleteInternetGateway",
 				"ec2:DeleteEgressOnlyInternetGateway",
 				"ec2:DeleteNatGateway",
@@ -118,6 +120,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 				"ec2:DescribeAccountAttributes",
 				"ec2:DescribeAddresses",
 				"ec2:DescribeAvailabilityZones",
+				"ec2:DescribeCarrierGateways",
 				"ec2:DescribeInstances",
 				"ec2:DescribeInstanceTypes",
 				"ec2:DescribeInternetGateways",

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml

@@ -157,6 +157,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -170,6 +171,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -183,6 +185,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml

@@ -157,6 +157,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -170,6 +171,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -183,6 +185,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml

@@ -157,6 +157,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -170,6 +171,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -183,6 +185,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml

@@ -157,6 +157,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -170,6 +171,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -183,6 +185,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml

@@ -151,6 +151,7 @@ Resources:
           - ec2:AssociateRouteTable
           - ec2:AttachInternetGateway
           - ec2:AuthorizeSecurityGroupIngress
+          - ec2:CreateCarrierGateway
           - ec2:CreateInternetGateway
           - ec2:CreateEgressOnlyInternetGateway
           - ec2:CreateNatGateway
@@ -164,6 +165,7 @@ Resources:
           - ec2:CreateVpcEndpoint
           - ec2:ModifyVpcAttribute
           - ec2:ModifyVpcEndpoint
+          - ec2:DeleteCarrierGateway
           - ec2:DeleteInternetGateway
           - ec2:DeleteEgressOnlyInternetGateway
           - ec2:DeleteNatGateway
@@ -177,6 +179,7 @@ Resources:
           - ec2:DescribeAccountAttributes
           - ec2:DescribeAddresses
           - ec2:DescribeAvailabilityZones
+          - ec2:DescribeCarrierGateways
           - ec2:DescribeInstances
           - ec2:DescribeInstanceTypes
           - ec2:DescribeInternetGateways