From 5dc787b271e1f08efb9b20e052ba2a65501dfcc6 Mon Sep 17 00:00:00 2001
From: Benoit Verret
Date: Fri, 1 Nov 2024 17:23:51 -0400
Subject: [PATCH] Add IAM minimal policies description in documentation

---
 aws/README.md | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/aws/README.md b/aws/README.md
index c20c62789..a3d36c078 100644
--- a/aws/README.md
+++ b/aws/README.md
@@ -13,3 +13,75 @@ TL;DR:
 8. Apply the Terraform plan : `terraform apply`.
 
 To tear down the cluster, call: `terraform destroy`.
+
+### AWS Minimal IAM Policy
+
+This policy grants Terraform the necessary permissions to create, update, and destroy EC2 resources. It includes permissions for managing EC2 instances, security groups, key pairs, and other related resources. This policy should be applied to the IAM role or user that Terraform will use to manage the EC2 infrastructure for Magic Castle.
+
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:DeleteSubnet",
+ "ec2:DescribeInstances",
+ "ec2:AttachInternetGateway",
+ "ec2:DescribePlacementGroups",
+ "ec2:DescribeInternetGateways",
+ "ec2:DeleteVolume",
+ "ec2:CreatePlacementGroup",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:CreateRoute",
+ "ec2:CreateInternetGateway",
+ "ec2:DescribeVolumes",
+ "ec2:DeleteInternetGateway",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeRouteTables",
+ "ec2:ImportKeyPair",
+ "ec2:CreateTags",
+ "ec2:DeleteNetworkInterface",
+ "ec2:RunInstances",
+ "ec2:DetachInternetGateway",
+ "ec2:DescribeInstanceCreditSpecifications",
+ "ec2:CreateVolume",
+ "ec2:CreateNetworkInterface",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DeleteVpc",
+ "ec2:AssociateAddress",
+ "ec2:CreateSubnet",
+ "ec2:DescribeSubnets",
+ "ec2:DeleteKeyPair",
+ "ec2:AttachVolume",
+ "ec2:DisassociateAddress",
+ "ec2:DescribeAddresses",
+ "ec2:DeleteTags",
+ "ec2:DescribeInstanceAttribute",
+ "ec2:CreateVpc",
+ "ec2:DescribeVpcAttribute",
+ "ec2:ModifySubnetAttribute",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:CreateSecurityGroup",
+ "ec2:ModifyVpcAttribute",
+ "ec2:ReleaseAddress",
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:TerminateInstances",
+ "ec2:DetachNetworkInterface",
+ "ec2:DeletePlacementGroup",
+ "ec2:DescribeTags",
+ "ec2:DeleteRoute",
+ "ec2:AllocateAddress",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeImages",
+ "ec2:DescribeVpcs",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+```
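Review bot: The policy added in this hunk is presented as minimal, but its single statement ends with `"Resource": "*"`, so every mutating action it lists (`ec2:RunInstances`, `ec2:TerminateInstances`, `ec2:DeleteVpc`, `ec2:DeleteSecurityGroup`, `ec2:DeleteVolume`, …) applies to every EC2 resource in the account, not only to the Magic Castle cluster. The introductory paragraph should state that so readers do not attach it in a shared account believing the blast radius is limited to the cluster. I would append after the sentence ending "…for Magic Castle.": `Note: this policy is minimal in the set of actions, not in resource scope — "Resource": "*" lets the principal modify or delete any EC2 resource in the account. Use it in a dedicated account, or restrict the mutating actions with tag conditions (aws:RequestTag / aws:ResourceTag) before reusing it in a shared one.` The `"Sid": "VisualEditor0"` also looks like a console-export leftover; a descriptive Sid such as `"MagicCastleTerraformEC2"` reads better in policy reviews.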