IngussNeilands · March 2, 2018 16:05 · Sep 19, 2016
diff --git a/packer-permissions.json b/packer-permissions.json
@@ -0,0 +1,111 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "NonResourceBasedReadOnlyPermissions",
+            "Action": [
+              "ec2:DescribeSubnets",
+              "ec2:DescribeSnapshots",
+              "ec2:DescribeImages",
+              "ec2:DescribeVolumes",
+              "ec2:DescribeInstances"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        },
+        {
+            "Sid": "NonResourceBasedWritePermissions",
+            "Action": [
+              "ec2:CopyImage",
+              "ec2:CreateImage",
+              "ec2:CreateKeyPair",
+              "ec2:CreateSecurityGroup",
+              "ec2:CreateSnapshot",
+              "ec2:CreateTags",
+              "ec2:CreateVolume",
+              "ec2:DeleteKeypair",
+              "ec2:DeleteSnapshot",
+              "ec2:ModifyImageAttribute",
+              "ec2:ModifyInstanceAttribute",
+              "ec2:RegisterImage"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
+        },
+        {
+            "Sid": "IAMPassroleToInstance",
+            "Action": [
+                "iam:PassRole"
+            ],
+            "Effect": "Allow",
+            "Resource": "arn:aws:iam::$ACCOUNT_ID:role/packer-inflight-role"
+        },
+        {
+            "Sid": "AllowInstanceActions",
+            "Effect": "Allow",
+            "Action": [
+              "ec2:AttachVolume",
+              "ec2:DetachVolume",
+              "ec2:StopInstances",
+              "ec2:TerminateInstances"
+
+            ],
+            "Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:instance/*",
+            "Condition": {
+                "StringEquals": {
+                    "ec2:InstanceProfile": "arn:aws:iam::$ACCOUNT_ID:instance-profile/packer-inflight-role"
+                }
+            }
+        },
+        {
+            "Sid": "EC2RunInstances",
+            "Effect": "Allow",
+            "Action": "ec2:RunInstances",
+            "Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:instance/*",
+            "Condition": {
+                "StringEquals": {
+                    "ec2:InstanceProfile": "arn:aws:iam::$ACCOUNT_ID:instance-profile/packer-inflight-role"
+                }
+            }
+        },
+        {
+            "Sid": "EC2RunInstancesSubnet",
+            "Effect": "Allow",
+            "Action": "ec2:RunInstances",
+            "Resource": "arn:aws:ec2:$REGION:$ACCOUNT_ID:subnet/*",
+            "Condition": {
+                "StringEquals": {
+                    "ec2:vpc": "arn:aws:ec2:$REGION:$ACCOUNT_ID:vpc/$VPC_ID"
+                }
+            }
+        },
+        {
+            "Sid": "RemainingRunInstancePermissions",
+            "Effect": "Allow",
+            "Action": "ec2:RunInstances",
+            "Resource": [
+              "arn:aws:ec2:$REGION:$ACCOUNT_ID:volume/*",
+              "arn:aws:ec2:$REGION::image/*",
+              "arn:aws:ec2:$REGION::snapshot/*",
+              "arn:aws:ec2:$REGION:$ACCOUNT_ID:network-interface/*",
+              "arn:aws:ec2:$REGION:$ACCOUNT_ID:key-pair/*",
+              "arn:aws:ec2:$REGION:$ACCOUNT_ID:security-group/*",
+              "arn:aws:ec2:$REGION:$ACCOUNT_ID:subnet/*"
+            ]
+        },
+        {
+            "Sid": "EC2VpcNonresourceSpecificActions",
+            "Effect": "Allow",
+            "Action": [
+              "ec2:AuthorizeSecurityGroupIngress",
+              "ec2:DeleteSecurityGroup"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "StringEquals": {
+                    "ec2:vpc": "arn:aws:ec2:$REGION:$ACCOUNT_ID:vpc/$VPC_ID"
+                }
+            }
+        }
+    ]
+}
No results found