From aedc42008a108d38b7faec049205acda7c2b6f15 Mon Sep 17 00:00:00 2001
From: Simon Kok
Date: Thu, 28 Mar 2024 16:30:46 +0100
Subject: [PATCH] Add delete default VPC in management account support

**Why?** To allow the deletion of the Default VPC if one were to manage the management account via ADF's Account Management (adf-accounts).
**What?** Added the missing permissions to delete and describe the default VPCs in the management account.
---
 .../bootstrap_repository/adf-build/global.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml
index ec598e675..cd78d0ceb 100644
--- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml
+++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/global.yml
@@ -99,6 +99,17 @@ Resources:
 - Effect: Allow
 Action:
 - cloudformation:ValidateTemplate
+ - ec2:DeleteInternetGateway
+ - ec2:DeleteNetworkInterface
+ - ec2:DeleteRouteTable
+ - ec2:DeleteSubnet
+ - ec2:DeleteVpc
+ - ec2:DescribeInternetGateways
+ - ec2:DescribeNetworkInterfaces
+ - ec2:DescribeRegions
+ - ec2:DescribeRouteTables
+ - ec2:DescribeSubnets
+ - ec2:DescribeVpcs
 - iam:CreateAccountAlias
 - iam:DeleteAccountAlias
 - iam:ListAccountAliases
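Review bot: The five `ec2:Delete*` actions are added to the existing Allow statement next to `cloudformation:ValidateTemplate` and the `iam:*AccountAlias` actions, so they inherit whatever `Resource` that statement has. That element lies outside the hunk, but if it is `"*"` this role can delete any VPC, subnet, route table, internet gateway or network interface in the management account, not only the default VPC the description names. Nothing in the policy itself ties these deletes to default VPCs, so that restriction presumably rests entirely on the calling code. I would move the delete actions into their own statement so they can be scoped or conditioned separately, and at minimum record the gap above them, e.g. `# ec2:Delete* is not limited to default VPCs by IAM; the caller must filter on the default VPC`. The statement starts and ends outside the hunk, so the role it attaches to cannot be confirmed from here.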