docs: add CreateTags for Easy Setup of CNI Addon

[hofq]

Description

For easy setup of the CNI Addon as in the Example, the CreateTags Permission is missing.

Checklist

• Added tests that cover your change (if possible)
• Added/modified documentation as required (such as the README.md, or the userdocs directory)
• Manually tested
• Made sure the title of the PR is a good description that can go into the release notes
• (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

• Backfilled missing tests for code in same general area 🎉
• Refactored something and made the world a better place 🌟

[cPu1]

Hi @hofq, VPC CNI needs the ec2:CreateTags permission only on network interfaces, but the proposed change will allow it access to all resource types due to the * wildcard.

This list is also obsolete as it's missing permissions to other actions like ec2:DescribeSubnets which is required for the relatively new prefix mode feature. I would recommend removing attachPolicy from this example and instead link to this official page.

Also, unless you're scoping down permissions for your specific use case, it's recommended to use the leave attachPolicy and attachPolicyARNs unset for vpc-cni as eksctl will default to the recommended AmazonEKS_CNI_Policy managed policy.