Move CreateTags permission for ENIs to match Instances

[fahlmant]

What type of PR is this?

Refactor

What this PR does / why we need it?

This moves the permissions for creating tags on ENIs to match the same restrictions for tagging Instances. Specifically, this change meets the following criteria:

• ENIs must be tagged with red-hat-managed: true
• ENIs cannot be tagged after creation
• ENIs can only be tagged when created as part of a call to RunInstances (creating an EC2 instance).

[fahlmant]

/hold for discussion

[rafael-azevedo]

/hold cancel

[rafael-azevedo]

/lgtm

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fahlmant, rafael-azevedo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ~~resources/sts/OWNERS~~ [fahlmant,rafael-azevedo]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[rafael-azevedo]

/hold

[fahlmant]

/hold cancel

[openshift-ci[bot]]

@fahlmant: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.