ttyS0/packer-permissions.json

## packer-permissions.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "NonResourceBasedReadOnlyPermissions",
            "Action": [
              "ec2:DescribeSubnets",
              "ec2:DescribeSnapshots",
              "ec2:DescribeImages",
              "ec2:DescribeVolumes",
              "ec2:DescribeInstances"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "NonResourceBasedWritePermissions",
            "Action": [
              "ec2:CopyImage",
              "ec2:CreateImage",
              "ec2:CreateKeyPair",
              "ec2:CreateSecurityGroup",
              "ec2:CreateSnapshot",
              "ec2:CreateTags",
              "ec2:CreateVolume",
              "ec2:DeleteKeypair",
              "ec2:DeleteSnapshot",
              "ec2:ModifyImageAttribute",
              "ec2:ModifyInstanceAttribute",
              "ec2:RegisterImage"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "IAMPassroleToInstance",
            "Action": [
                "iam:PassRole"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:iam::$ACCOUNT_ID:role/packer-inflight-role"
        },
        {
            "Sid": "AllowInstanceActions",
            "Effect": "Allow",
            "Action": [
              "ec2:AttachVolume",
              "ec2:DetachVolume",
              "ec2:StopInstances",
              "ec2:TerminateInstances"

            ],
            "Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:instance/*",
            "Condition": {
                "StringEquals": {
                    "ec2:InstanceProfile": "arn:aws:iam::$ACCOUNT_ID:instance-profile/packer-inflight-role"
                }
            }
        },
        {
            "Sid": "EC2RunInstances",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:instance/*",
            "Condition": {
                "StringEquals": {
                    "ec2:InstanceProfile": "arn:aws:iam::$ACCOUNT_ID:instance-profile/packer-inflight-role"
                }
            }
        },
        {
            "Sid": "EC2RunInstancesSubnet",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:subnet/*",
            "Condition": {
                "StringEquals": {
                    "ec2:vpc": "arn:aws:ec2:$REGION:$ACCOUNT_ID:vpc/$VPC_ID"
                }
            }
        },
        {
            "Sid": "RemainingRunInstancePermissions",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
              "arn:aws:ec2:$REGION:$ACCOUNT_ID:volume/*",
              "arn:aws:ec2:$REGION::image/*",
              "arn:aws:ec2:$REGION::snapshot/*",
              "arn:aws:ec2:$REGION:$ACCOUNT_ID:network-interface/*",
              "arn:aws:ec2:$REGION:$ACCOUNT_ID:key-pair/*",
              "arn:aws:ec2:$REGION:$ACCOUNT_ID:security-group/*",
              "arn:aws:ec2:$REGION:$ACCOUNT_ID:subnet/*"
            ]
        },
        {
            "Sid": "EC2VpcNonresourceSpecificActions",
            "Effect": "Allow",
            "Action": [
              "ec2:AuthorizeSecurityGroupIngress",
              "ec2:DeleteSecurityGroup"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:vpc": "arn:aws:ec2:$REGION:$ACCOUNT_ID:vpc/$VPC_ID"
                }
            }
        }
    ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "NonResourceBasedReadOnlyPermissions",
	"Action": [
	"ec2:DescribeSubnets",
	"ec2:DescribeSnapshots",
	"ec2:DescribeImages",
	"ec2:DescribeVolumes",
	"ec2:DescribeInstances"
	],
	"Effect": "Allow",
	"Resource": "*"
	},
	{
	"Sid": "NonResourceBasedWritePermissions",
	"Action": [
	"ec2:CopyImage",
	"ec2:CreateImage",
	"ec2:CreateKeyPair",
	"ec2:CreateSecurityGroup",
	"ec2:CreateSnapshot",
	"ec2:CreateTags",
	"ec2:CreateVolume",
	"ec2:DeleteKeypair",
	"ec2:DeleteSnapshot",
	"ec2:ModifyImageAttribute",
	"ec2:ModifyInstanceAttribute",
	"ec2:RegisterImage"
	],
	"Effect": "Allow",
	"Resource": "*"
	},
	{
	"Sid": "IAMPassroleToInstance",
	"Action": [
	"iam:PassRole"
	],
	"Effect": "Allow",
	"Resource": "arn:aws:iam::$ACCOUNT_ID:role/packer-inflight-role"
	},
	{
	"Sid": "AllowInstanceActions",
	"Effect": "Allow",
	"Action": [
	"ec2:AttachVolume",
	"ec2:DetachVolume",
	"ec2:StopInstances",
	"ec2:TerminateInstances"

	],
	"Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:instance/*",
	"Condition": {
	"StringEquals": {
	"ec2:InstanceProfile": "arn:aws:iam::$ACCOUNT_ID:instance-profile/packer-inflight-role"
	}
	}
	},
	{
	"Sid": "EC2RunInstances",
	"Effect": "Allow",
	"Action": "ec2:RunInstances",
	"Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:instance/*",
	"Condition": {
	"StringEquals": {
	"ec2:InstanceProfile": "arn:aws:iam::$ACCOUNT_ID:instance-profile/packer-inflight-role"
	}
	}
	},
	{
	"Sid": "EC2RunInstancesSubnet",
	"Effect": "Allow",
	"Action": "ec2:RunInstances",
	"Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:subnet/*",
	"Condition": {
	"StringEquals": {
	"ec2:vpc": "arn:aws:ec2:$REGION:$ACCOUNT_ID:vpc/$VPC_ID"
	}
	}
	},
	{
	"Sid": "RemainingRunInstancePermissions",
	"Effect": "Allow",
	"Action": "ec2:RunInstances",
	"Resource": [
	"arn:aws:ec2:$REGION:$ACCOUNT_ID:volume/*",
	"arn:aws:ec2:$REGION::image/*",
	"arn:aws:ec2:$REGION::snapshot/*",
	"arn:aws:ec2:$REGION:$ACCOUNT_ID:network-interface/*",
	"arn:aws:ec2:$REGION:$ACCOUNT_ID:key-pair/*",
	"arn:aws:ec2:$REGION:$ACCOUNT_ID:security-group/*",
	"arn:aws:ec2:$REGION:$ACCOUNT_ID:subnet/*"
	]
	},
	{
	"Sid": "EC2VpcNonresourceSpecificActions",
	"Effect": "Allow",
	"Action": [
	"ec2:AuthorizeSecurityGroupIngress",
	"ec2:DeleteSecurityGroup"
	],
	"Resource": "*",
	"Condition": {
	"StringEquals": {
	"ec2:vpc": "arn:aws:ec2:$REGION:$ACCOUNT_ID:vpc/$VPC_ID"
	}
	}
	}
	]
	}