From 2884e901090635ff6f0358b4e1884804ff719c7e Mon Sep 17 00:00:00 2001
From: Yash Thakkar
Date: Mon, 22 Jul 2024 22:17:10 -0700
Subject: [PATCH] updating iam doc with subnet policy (#2992)

* updating iam doc
* adding describe subnet to scoped down policy
---
 docs/iam-policy.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/iam-policy.md b/docs/iam-policy.md
index 7f5c6661e1..4bfe3c2c25 100644
--- a/docs/iam-policy.md
+++ b/docs/iam-policy.md
@@ -22,6 +22,7 @@ In general, you can grant below IAM policies to Amazon VPC CNI plugin depending
 "ec2:DescribeTags",
 "ec2:DescribeNetworkInterfaces",
 "ec2:DescribeInstanceTypes",
+ "ec2:DescribeSubnets",
 "ec2:DetachNetworkInterface",
 "ec2:ModifyNetworkInterfaceAttribute",
 "ec2:UnassignPrivateIpAddresses"
@@ -102,6 +103,7 @@ Note:
 "ec2:DescribeInstances",
 "ec2:DescribeTags",
 "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSubnets",
 "ec2:DescribeInstanceTypes"
 ],
 "Resource": "*"