Add IAM minimal policies description in documentation

ComputeCanada · Nov 1, 2024 · 5dc787b · 5dc787b
1 parent aa62d4b
commit 5dc787b
Showing 1 changed file with 72 additions and 0 deletions.
diff --git a/aws/README.md b/aws/README.md
@@ -13,3 +13,75 @@ TL;DR:
 8. Apply the Terraform plan : `terraform apply`.
 
 To tear down the cluster, call: `terraform destroy`.
+
+### AWS Minimal IAM Policy
+
+This policy grants Terraform the necessary permissions to create, update, and destroy EC2 resources. It includes permissions for managing EC2 instances, security groups, key pairs, and other related resources. This policy should be applied to the IAM role or user that Terraform will use to manage the EC2 infrastructure for Magic Castle.
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:DeleteSubnet",
+                "ec2:DescribeInstances",
+                "ec2:AttachInternetGateway",
+                "ec2:DescribePlacementGroups",
+                "ec2:DescribeInternetGateways",
+                "ec2:DeleteVolume",
+                "ec2:CreatePlacementGroup",
+                "ec2:RevokeSecurityGroupEgress",
+                "ec2:CreateRoute",
+                "ec2:CreateInternetGateway",
+                "ec2:DescribeVolumes",
+                "ec2:DeleteInternetGateway",
+                "ec2:DescribeKeyPairs",
+                "ec2:DescribeRouteTables",
+                "ec2:ImportKeyPair",
+                "ec2:CreateTags",
+                "ec2:DeleteNetworkInterface",
+                "ec2:RunInstances",
+                "ec2:DetachInternetGateway",
+                "ec2:DescribeInstanceCreditSpecifications",
+                "ec2:CreateVolume",
+                "ec2:CreateNetworkInterface",
+                "ec2:DescribeInstanceTypes",
+                "ec2:DeleteVpc",
+                "ec2:AssociateAddress",
+                "ec2:CreateSubnet",
+                "ec2:DescribeSubnets",
+                "ec2:DeleteKeyPair",
+                "ec2:AttachVolume",
+                "ec2:DisassociateAddress",
+                "ec2:DescribeAddresses",
+                "ec2:DeleteTags",
+                "ec2:DescribeInstanceAttribute",
+                "ec2:CreateVpc",
+                "ec2:DescribeVpcAttribute",
+                "ec2:ModifySubnetAttribute",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:DescribeAvailabilityZones",
+                "ec2:CreateSecurityGroup",
+                "ec2:ModifyVpcAttribute",
+                "ec2:ReleaseAddress",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:TerminateInstances",
+                "ec2:DetachNetworkInterface",
+                "ec2:DeletePlacementGroup",
+                "ec2:DescribeTags",
+                "ec2:DeleteRoute",
+                "ec2:AllocateAddress",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeImages",
+                "ec2:DescribeVpcs",
+                "ec2:DeleteSecurityGroup"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```