You'll need to create / use a few security groups, IAM roles, etc. I recommend naming them all aminator
to make it easy to remember what they're for. If you're following along, I've already set these up.
Create a IAM Role for AWS EC2 with the following custom security policy:
{
"Statement": [