From a9c73b277e8edf0681e5100ed7f42a240686ff2a Mon Sep 17 00:00:00 2001 From: Daniele Lisi Date: Fri, 7 Feb 2020 06:33:28 -0800 Subject: [PATCH] Add `iam:{Create,Delete}OpenIDProviderConnect` to required IAM policies (#729) --- CHANGELOG.md | 2 +- docs/iam-permissions.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb62a4d..0213bb4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,7 @@ project adheres to [Semantic Versioning](http://semver.org/). - [CI] Bump pre-commit-terraform version (by @barryib) - Added example `examples/irsa` for IAM Roles for Service Accounts (by @max-rocket-internet) - **Breaking:** Removal of autoscaling IAM policy and tags (by @max-rocket-internet) -- Add `iam:GetOpenIDConnectProvider` grant to the required IAM permissions in `docs/iam-permissions.md` (by @danielelisi) +- Add `iam:{Create,Delete,Get}OpenIDConnectProvider` grants to the list of required IAM permissions in `docs/iam-permissions.md` (by @danielelisi) #### Important notes diff --git a/docs/iam-permissions.md b/docs/iam-permissions.md index 9c15083..f0e1611 100644 --- a/docs/iam-permissions.md +++ b/docs/iam-permissions.md @@ -86,11 +86,13 @@ Following IAM permissions are the minimum permissions needed for your IAM user o "iam:AddRoleToInstanceProfile", "iam:AttachRolePolicy", "iam:CreateInstanceProfile", + "iam:CreateOpenIDConnectProvider", "iam:CreateServiceLinkedRole", "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:CreateRole", "iam:DeleteInstanceProfile", + "iam:DeleteOpenIDConnectProvider", "iam:DeletePolicy", "iam:DeleteRole", "iam:DeleteRolePolicy",
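Review bot: In the CHANGELOG.md hunk, the rewritten entry uses the shorthand `iam:{Create,Delete,Get}OpenIDConnectProvider`, which is not an action name anyone can search for or paste into a policy, and the commit subject spells the same action differently (`OpenIDProviderConnect`). Suggest writing out `iam:CreateOpenIDConnectProvider`, `iam:DeleteOpenIDConnectProvider` and `iam:GetOpenIDConnectProvider` in full in the entry, and correcting the subject to `OpenIDConnectProvider` so it matches the strings added in `docs/iam-permissions.md`.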
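Review bot: In the docs/iam-permissions.md hunk, `iam:CreateOpenIDConnectProvider` and `iam:DeleteOpenIDConnectProvider` are added to a list the document introduces as the minimum permissions, with no note on when they are needed, and the hunk does not show the statement's `Resource`. These two actions decide which OIDC issuers the account trusts for role assumption, so the doc should say that they are required only when the IAM Roles for Service Accounts setup (the `examples/irsa` case named in the changelog) is used. If the statement's `Resource` is a wildcard, suggest also recommending that these two actions be limited to `arn:aws:iam::<account-id>:oidc-provider/*`.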