|
add `DescribeVpcAttribute` to the minimum access policy so it looks like
{
|
"Statement": [
|
{
|
"Effect": "Allow",
|
"Action": ["iam:*AccessKey*", "iam:GetUser"],
|
"Resource": ["*"]
|
},
|
{
|
"Effect": "Allow",
|
"Action": [
|
"ec2:AttachVolume",
|
"ec2:AuthorizeSecurityGroupIngress",
|
"ec2:CreateKeyPair",
|
"ec2:CreateSecurityGroup",
|
"ec2:CreateTags",
|
"ec2:CreateVolume",
|
"ec2:DeleteKeyPair",
|
"ec2:DeleteSecurityGroup",
|
"ec2:DeleteTags",
|
"ec2:DeleteVolume",
|
"ec2:DescribeAccountAttributes",
|
"ec2:DescribeAvailabilityZones",
|
"ec2:DescribeInstanceAttribute",
|
"ec2:DescribeInstanceStatus",
|
"ec2:DescribeInstances",
|
"ec2:DescribeKeyPairs",
|
"ec2:DescribeRegions",
|
"ec2:DescribeSecurityGroups",
|
"ec2:DescribeSubnets",
|
"ec2:DescribeTags",
|
"ec2:DescribeVpcs",
|
"ec2:DescribeVpcAttribute",
|
"ec2:DescribeVolumeStatus",
|
"ec2:DescribeVolumes",
|
"ec2:DescribeVolumeAttribute",
|
"ec2:ImportKeyPair",
|
"ec2:RunInstances",
|
"ec2:StartInstances",
|
"ec2:StopInstances",
|
"ec2:RebootInstances",
|
"ec2:TerminateInstances"
|
],
|
"Resource": [
|
"*"
|
]
|
}
|
]
|
}
|
|