Add two missing VPC permissions (#37896)

Remove VPC permissions from network-policy.json as they mostly duplicate
compute-policy.json permissions - separating the VPC and compute permissions
would likely lead to further confusion.

2 files changed, 2 insertions, 15 deletions

diff --git a/hacking/aws_config/testing_policies/compute-policy.json b/hacking/aws_config/testing_policies/compute-policy.json
index b644d195f8..c9f31a4062 100644
--- a/hacking/aws_config/testing_policies/compute-policy.json
+++ b/hacking/aws_config/testing_policies/compute-policy.json
@@ -77,8 +77,10 @@
                 "ec2:Describe*",
                 "ec2:DisassociateAddress",
                 "ec2:DisassociateRouteTable",
+                "ec2:DisassociateSubnetCidrBlock",
                 "ec2:ImportKeyPair",
                 "ec2:ModifyImageAttribute",
+                "ec2:ModifySubnetAttribute",
                 "ec2:ModifyVpcAttribute",
                 "ec2:RegisterImage",
                 "ec2:ReleaseAddress",
diff --git a/hacking/aws_config/testing_policies/network-policy.json b/hacking/aws_config/testing_policies/network-policy.json
index d5035c7f67..a5f921be86 100644
--- a/hacking/aws_config/testing_policies/network-policy.json
+++ b/hacking/aws_config/testing_policies/network-policy.json
@@ -2,21 +2,6 @@
     "Version": "2012-10-17",
     "Statement": [
         {
-            "Sid": "ManageVPCsForRoute53Testing",
-            "Effect": "Allow",
-            "Action": [
-                "ec2:CreateTags",
-                "ec2:CreateVpc",
-                "ec2:DeleteVpc",
-                "ec2:DescribeTags",
-                "ec2:DescribeVpcAttribute",
-                "ec2:DescribeVpcClassicLink",
-                "ec2:DescribeVpcs",
-                "ec2:ModifyVpcAttribute"
-            ],
-            "Resource": "*"
-        },
-        {
             "Sid": "ManageRoute53ForTests",
             "Effect": "Allow",
             "Action": [