{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:GetInstanceProfile",
                "iam:ListInstanceProfiles",
                "iam:ListInstanceProfilesForRole",
                "iam:PassRole",
                "ec2:AttachVolume",
                "ec2:DisassociateAddress",
                "ec2:DescribeAddresses",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeInstances",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeInstanceTypeOfferings",
                "ec2:DescribeVolumes",
                "ec2:ReleaseAddress",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:DescribeIpamPools",
                "ec2:AllocateAddress",
                "ec2:CreateVolume",
                "ec2:DescribeImages",
                "ec2:DescribeRegions",
                "ec2:DescribeVpcs",
                "ec2:DescribeInstanceTypes",
                "ec2:DescribeSubnets",
                "ec2:AssociateAddress",
                "ec2:AllocateIpamPoolCidr",
                "s3:GetBucketTagging",
                "s3:PutBucketTagging",
                "s3:CreateBucket",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:ListBucketMultipartUploads",
                "s3:PutObject",
                "s3:GetObject",
                "kms:CreateGrant",
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:GenerateDataKey",
                "kms:GenerateDataKeyWithoutPlainText"
            ],
            "Resource": "*"
        },
        {
         "Sid":"RestrictedDeleteVolumeForCVAutoScale",
         "Effect":"Allow",
         "Action":[
            "ec2:DeleteVolume"
         ],
         "Resource":"*",
         "Condition":{
            "StringEquals":{
               "ec2:ResourceTag/cvscale-pvm-disk":"yes"
            }
         }
      },
      {
         "Sid":"RestrictedModifyInstanceAttributeForCVAutoScale",
         "Effect":"Allow",
         "Action":[
            "ec2:ModifyInstanceAttribute"
         ],
         "Resource":"*",
         "Condition":{
            "StringLikeIfExists": {
               "ec2:Attribute/BlockDeviceMapping.n.Ebs.DeleteOnTermination": "True"
            }
         }
      },
      {
         "Sid":"RestrictedTerminateInstancesForCVAutoScale",
         "Effect":"Allow",
         "Action":"ec2:TerminateInstances",
         "Resource":"*",
         "Condition":{
            "StringLike":{
               "ec2:ResourceTag/Name":"cvscale-*"
            }
         }
      }
    ]
}