Update AWS IAM permissions for VPC connected Lambda function (#28789)

x-pack/functionbeat/docs/iam-permissions.asciidoc

@@ -66,7 +66,10 @@ function that collects events from CloudWatch logs.
                 "s3:DeleteObject",
                 "s3:ListBucket",
                 "s3:PutObject",
-                "s3:GetObject"
+                "s3:GetObject",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeVpcs"
             ],
             "Resource": "*"
         }
@@ -122,7 +125,10 @@ function that reads from SQS queues or Kinesis data streams.
                 "s3:DeleteObject",
                 "s3:ListBucket",
                 "s3:PutObject",
-                "s3:GetObject"
+                "s3:GetObject",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeVpcs"
             ],
             "Resource": "*"
         }