From 172f2807a323784c4a47e734e9dc1d8768122135 Mon Sep 17 00:00:00 2001
From: Coby Benveniste
Date: Mon, 6 Jan 2025 15:03:07 +0200
Subject: [PATCH] Document minimal IAM Role for launching instance
---
 lib/flame_ec2.ex | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/lib/flame_ec2.ex b/lib/flame_ec2.ex
index 92a1d9f..6e9ed6e 100644
--- a/lib/flame_ec2.ex
+++ b/lib/flame_ec2.ex
@@ -29,6 +29,52 @@ defmodule FlameEC2 do
 ```json
 {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "ec2RunInstances",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeTags",
+ "ec2:CreateTags",
+ "ec2:DeleteTags",
+ "ec2:RunInstances"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "ssmParameters",
+ "Effect": "Allow",
+ "Action": [
+ "ssm:GetParameters"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "iamRolePassing",
+ "Effect": "Allow",
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Resource": [
+ "arn:aws:iam::*:instance-profile/*"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ec2.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Sid": "s3GetRelease",
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetObject"
+ ],
+ "Resource": "*"
+ }
+ ]
 }
 ```
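Review bot: The `iamRolePassing` statement scopes `iam:PassRole` to `arn:aws:iam::*:instance-profile/*`, but `iam:PassRole` is authorized against role ARNs, so as written this statement most likely matches nothing and a launch that attaches an instance profile would be denied. The resource should name the role carried by the profile, e.g. `"arn:aws:iam::<ACCOUNT_ID>:role/<RUNNER_ROLE_NAME>"` (placeholders), keeping the existing `iam:PassedToService` condition. Separately, a policy documented as minimal still has `"Resource": "*"` on the `ec2RunInstances`, `ssmParameters` and `s3GetRelease` statements; the doc should at least tell readers to narrow the S3 statement to the release bucket (`s3:ListBucket` on the bucket ARN, `s3:GetObject` on its objects) and `ssm:GetParameters` to the parameter paths actually read. The surrounding moduledoc starts and ends outside this hunk, so any existing text that already explains the wildcards is not visible here.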