Which AWS permissions do I need to give to make the copy and tagging work.

[HelioCampos]

Hi @martinbaillie,

• I'm loved your plugin and am trying to use it now. My problem is that I need to restrict the permissions for the role this plugin will use and I'm unable to find which permissions it needs.
• Can you help with this?

[Itiho]

amazon-ebs (ami-copy): [us-east-1] Copying ami-0e08471c0c40e8d82 to account 213253929815 (encrypted: false)

==> amazon-ebs (ami-copy): [sa-east-1] Copying ami-00242ff3cdb2ada43 to account 213253929815 (encrypted: false)

==> amazon-ebs (ami-copy): AccessDenied: Access denied

==> amazon-ebs (ami-copy): 	status code: 403, request id: 1cb95c18-dae0-11e9-a525-e53a66402763

==> amazon-ebs (ami-copy): AccessDenied: Access denied

==> amazon-ebs (ami-copy): 	status code: 403, request id: 1cb98301-dae0-11e9-9567-c3ba895cda68

==> amazon-ebs: Running post-processor: manifest

Build 'amazon-ebs' errored: 1 error(s) occurred:

I get this error

[Itiho]

@HelioCampos create de IAM policy with this permissions in destination account:

• DescribeImageAttribute
• DescribeImages
• DescribeImportImageTasks
• CopyImage
• CopySnapshot
• CreateImage
• DeregisterImage
• ImportImage
• ImportSnapshot
• ImportVolume
• ModifyImageAttribute
• RegisterImage
• ResetImageAttribute

create a iam role (Another AWS account) with this policy and delegate to origin account

[amehrabyan-wf]

• "ec2:CreateTags"