From fc022db0cfa9aff6c612592ce51587600e24c9b9 Mon Sep 17 00:00:00 2001
From: Shane Starcher
Date: Thu, 8 Feb 2018 08:15:41 -0500
Subject: [PATCH 1/3] master node requires DescribeRegions when using a bucket from another account
---
 pkg/model/iam/iam_builder.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index 58448642cc..d0aebe4f2c 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -553,6 +553,7 @@ func addMasterEC2Policies(p *Policy, resource stringorslice.StringOrSlice, legac
 Effect: StatementEffectAllow,
 Action: stringorslice.Slice([]string{
 "ec2:DescribeInstances", // aws.go
+ "ec2:DescribeRegions", // s3context.go
 "ec2:DescribeRouteTables", // aws.go
 "ec2:DescribeSecurityGroups", // aws.go
 "ec2:DescribeSubnets", // aws.go
From ffc92d4da34070a6b5edc055d72bf2c65f32b89b Mon Sep 17 00:00:00 2001
From: Shane Starcher
Date: Thu, 8 Feb 2018 10:52:07 -0500
Subject: [PATCH 2/3] updating the test
---
 pkg/model/iam/tests/iam_builder_master_strict.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/model/iam/tests/iam_builder_master_strict.json b/pkg/model/iam/tests/iam_builder_master_strict.json
index 5e90e17e2d..53d9d4bebf 100644
--- a/pkg/model/iam/tests/iam_builder_master_strict.json
+++ b/pkg/model/iam/tests/iam_builder_master_strict.json
@@ -6,6 +6,7 @@
 "Effect": "Allow",
 "Action": [
 "ec2:DescribeInstances",
+ "ec2:DescribeRegions",
 "ec2:DescribeRouteTables",
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeSubnets",
From b1fdb35118f80b300242a6d29adb961d1f8546d4 Mon Sep 17 00:00:00 2001
From: Shane Starcher
Date: Thu, 8 Feb 2018 11:12:51 -0500
Subject: [PATCH 3/3] fixing ecr policy test
---
 pkg/model/iam/tests/iam_builder_master_strict_ecr.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
index 54f0563281..d297f754a4 100644
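Review bot: The trailing comment on the added `"ec2:DescribeRegions"` entry in `pkg/model/iam/iam_builder.go` names only `s3context.go`, so the reason for the grant (per the commit subject, a bucket owned by another account) is not recorded next to the permission; I would write it as `"ec2:DescribeRegions", // s3context.go (needed when the bucket is in another account)`. The action is added to every master role unconditionally, not only to clusters that use a cross-account bucket, and a later least-privilege pass over this list needs that reason to decide whether the entry can be narrowed or dropped. If the node role resolves buckets through the same `s3context.go` path it would presumably be denied the same call, but the node policy is not visible here. `addMasterEC2Policies` starts and ends outside the hunk, so the statement's `Resource` and which side of the legacy flag this list sits on cannot be confirmed from these lines.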
--- a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
+++ b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
@@ -6,6 +6,7 @@
 "Effect": "Allow",
 "Action": [
 "ec2:DescribeInstances",
+ "ec2:DescribeRegions",
 "ec2:DescribeRouteTables",
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeSubnets",