
What are the permissions required to create an EC2 instance


I am trying to create a policy that gives the user permission to create an EC2 instance, but I don't want to give all the permissions inside Write. Please verify whether these permissions are enough or whether some permission is extra.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeInstances",
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeVpcs",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CreateKeyPair"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "*"
        }
    ]
}

Solution

  • I can confirm these permissions should work if using the Console Wizard.

    More examples of policies for other situations can be found here.

    If you're ever in need of testing scenarios feel free to take a look at the IAM policy simulator. It can really help you to validate your permissions against actions easily without having to script or attempt executing the change(s) each time.
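As an offline pre-check before taking the policy to the IAM policy simulator, the sketch below (an added example, not part of the original answer and not AWS's evaluation code) applies the basic identity-policy rules to the question's policy: an explicit Deny wins, an Allow must match, and everything else is an implicit deny. The function names are hypothetical, the tested action list is constructed, and `Version` is set to `2012-10-17` because IAM accepts only that value or `2008-10-17`.

```python
import json
import re

# The policy from the question, with "Version" set to the IAM policy language version.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow",
   "Action": ["ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeInstances",
              "ec2:DescribeImages", "ec2:DescribeKeyPairs", "ec2:DescribeVpcs",
              "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateKeyPair"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"}]}
""")

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive; '*' and '?' are the only wildcards.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def evaluate(policy, action):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one action.

    Simplification (assumption): Resource, Condition, NotAction and other
    policy types (SCPs, permission boundaries) are ignored.
    """
    if policy.get("Version") not in VALID_VERSIONS:
        raise ValueError("unsupported policy Version: %r" % policy.get("Version"))
    decision = "implicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # an explicit Deny always wins
            decision = "allowed"
    return decision

def check(policy, actions):
    return {a: evaluate(policy, a) for a in actions}

if __name__ == "__main__":
    # Constructed test set: the launch action plus two the policy should not grant.
    for name, result in check(POLICY, ["ec2:RunInstances", "ec2:describeimages",
                                       "ec2:TerminateInstances", "iam:PassRole"]).items():
        print(f"{name:28} {result}")
```

Because resources and conditions are ignored here, an `allowed` result is only a first filter; the policy simulator remains the authoritative check.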