imduffy15/policy.json

## policy.json
{
  "Statement": [
    {
      "Action": [
        "ec2:Describe*",
        "ec2:CreateKeyPair",
        "ec2:DeleteKeyPair",
        "ec2:CreateImage",
        "ec2:DescribeKeyPairs",
        "ec2:CreateSecurityGroup",
        "iam:GetInstanceProfiles",
        "iam:ListInstanceProfiles",
        "ec2:CreateTags"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "iam:PassRole"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iam::ACCOUNT_ID:role/eu-west-1-inflight_packer_run"
    },
    {
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances",
        "ec2:TerminateInstances",
        "ec2:ModifyInstanceAttribute",
        "ec2:GetPasswordData",
        "ec2:AttachVolume",
        "ec2:DetachVolume",
        "ec2:CreateSnapshot",
        "ec2:DeleteSnaphot",
        "ec2:AuthorizeSecurityGroup*",
        "ec2:RevokeSecurityGroup*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:InstanceProfile": "arn:aws:iam::ACCOUNT_ID:instance-profile/eu-west-1-inflight_packer_run"
        }
      },
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:eu-west-1:ACCOUNT_ID:instance/*"
    },
    {
      "Action": "ec2:RunInstances",
      "Condition": {
        "StringEquals": {
          "ec2:InstanceProfile": "arn:aws:iam::ACCOUNT_ID:instance-profile/eu-west-1-inflight_packer_run"
        }
      },
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:eu-west-1:ACCOUNT_ID:instance/*"
    },
    {
      "Action": "ec2:RunInstances",
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:eu-west-1:ACCOUNT_ID:subnet/*"
    },
    {
      "Action": "ec2:RunInstances",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:ec2:eu-west-1:ACCOUNT_ID:volume/*",
        "arn:aws:ec2:eu-west-1::image/*",
        "arn:aws:ec2:eu-west-1::snapshot/*",
        "arn:aws:ec2:eu-west-1:ACCOUNT_ID:network-interface/*",
        "arn:aws:ec2:eu-west-1:ACCOUNT_ID:key-pair/*",
        "arn:aws:ec2:eu-west-1:ACCOUNT_ID:security-group/*"
      ]
    }
  ],
  "Version": "2012-10-17"
}
	{
	"Statement": [
	{
	"Action": [
	"ec2:Describe*",
	"ec2:CreateKeyPair",
	"ec2:DeleteKeyPair",
	"ec2:CreateImage",
	"ec2:DescribeKeyPairs",
	"ec2:CreateSecurityGroup",
	"iam:GetInstanceProfiles",
	"iam:ListInstanceProfiles",
	"ec2:CreateTags"
	],
	"Effect": "Allow",
	"Resource": "*"
	},
	{
	"Action": [
	"iam:PassRole"
	],
	"Effect": "Allow",
	"Resource": "arn:aws:iam::ACCOUNT_ID:role/eu-west-1-inflight_packer_run"
	},
	{
	"Action": [
	"ec2:StartInstances",
	"ec2:StopInstances",
	"ec2:RebootInstances",
	"ec2:TerminateInstances",
	"ec2:ModifyInstanceAttribute",
	"ec2:GetPasswordData",
	"ec2:AttachVolume",
	"ec2:DetachVolume",
	"ec2:CreateSnapshot",
	"ec2:DeleteSnaphot",
	"ec2:AuthorizeSecurityGroup*",
	"ec2:RevokeSecurityGroup*"
	],
	"Condition": {
	"StringEquals": {
	"ec2:InstanceProfile": "arn:aws:iam::ACCOUNT_ID:instance-profile/eu-west-1-inflight_packer_run"
	}
	},
	"Effect": "Allow",
	"Resource": "arn:aws:ec2:eu-west-1:ACCOUNT_ID:instance/*"
	},
	{
	"Action": "ec2:RunInstances",
	"Condition": {
	"StringEquals": {
	"ec2:InstanceProfile": "arn:aws:iam::ACCOUNT_ID:instance-profile/eu-west-1-inflight_packer_run"
	}
	},
	"Effect": "Allow",
	"Resource": "arn:aws:ec2:eu-west-1:ACCOUNT_ID:instance/*"
	},
	{
	"Action": "ec2:RunInstances",
	"Effect": "Allow",
	"Resource": "arn:aws:ec2:eu-west-1:ACCOUNT_ID:subnet/*"
	},
	{
	"Action": "ec2:RunInstances",
	"Effect": "Allow",
	"Resource": [
	"arn:aws:ec2:eu-west-1:ACCOUNT_ID:volume/*",
	"arn:aws:ec2:eu-west-1::image/*",
	"arn:aws:ec2:eu-west-1::snapshot/*",
	"arn:aws:ec2:eu-west-1:ACCOUNT_ID:network-interface/*",
	"arn:aws:ec2:eu-west-1:ACCOUNT_ID:key-pair/*",
	"arn:aws:ec2:eu-west-1:ACCOUNT_ID:security-group/*"
	]
	}
	],
	"Version": "2012-10-17"
	}