Error launch ec2 instance following guide from the beginning #7

WillaFan opened this issue Nov 27, 2022 · 3 comments

No description provided.

WillaFan commented Nov 27, 2022

### Construct json policy
Version: 2012-10-17
Effect: Allow
service prefix: ec2

Prefix Action Summary Suggested Bundle Policy (or alias) Group Category Resources Comment
ec2 DescribeInstances View instances View instances, AMIs, and snapshots
View instances and CloudWatch metrics
Basic launch wizard access
Read-only access
Use the EC2 launch wizard
Describe* *
ec2 DescribeInstanceTypes To view and select an instance type Basic launch wizard access Use the EC2 launch wizard Describe* *
ec2 DescribeImages To view and select an AMI View instances, AMIs, and snapshots
Basic launch wizard access
Read-only access
Use the EC2 launch wizard
Describe* *
ec2 DescribeTags View instances, AMIs, and snapshots Read-only access Describe* *
ec2 DescribeSnapshots View snapshots View instances, AMIs, and snapshots Read-only access Describe* *
ec2 DescribeKeyPairs To select an existing key pair, or to create a new one Basic launch wizard access Use the EC2 launch wizard Describe* * *
ec2 DescribeVpcs To view the available network options Basic launch wizard access Use the EC2 launch wizard Describe* *
ec2 DescribeSubnets To view all available subnets for the chosen VPC Basic launch wizard access Use the EC2 launch wizard Describe* *
ec2 DescribeSecurityGroups To view and select an existing security group, or to create a new one Basic launch wizard access Use the EC2 launch wizard Describe* *
ec2 CreateSecurityGroup Basic launch wizard access Use the EC2 launch wizard Describe* *
ec2 CreateKeyPair Basic launch wizard access Use the EC2 launch wizard * *
ec2 AuthorizeSecurityGroupIngress To add inbound rules Basic launch wizard access Use the EC2 launch wizard Describe* *
ec2 RunInstances Basic launch wizard access Use the EC2 launch wizard * new object
ec2 DescribeAvailabilityZones To view and select a specific Availability Zone Describe* * more options
ec2 DescribeNetworkInterfaces To view and select existing network interfaces for the selected subnet Describe* * more options
ec2 CreateTags To tag the resources that are created by RunInstances * more options
cloudwatch DescribeAlarms View metrics View instances and CloudWatch metrics Read-only access Describe* *
cloudwatch GetMetricStatistics View metrics View instances and CloudWatch metrics Read-only access *

(cont.) To use Systems Manager parameters when selectin

Examples

Read-only access
Use the EC2 launch wizard
Work with volumes
Work with security groups
Work with Elastic IP addresses
Work with Reserved Instances

example:
ec2:Describe* - supports resource-level permissions, which in other words means viewing individual resources in the console

To add outbound rules to VPC security groups, users must be granted permission to use the ec2:AuthorizeSecurityGroupEgress API action. To modify or delete existing rules, users must be granted permission to use the relevant ec2:RevokeSecurityGroup* API action.

other related,
Control access to EC2 resources using resource tags.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-ec2-console.html may help
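An added example, not part of the original comment or the project: it assembles the actions from the table above into a policy document with `Version` 2012-10-17 and `Effect` Allow, and checks an existing policy for launch-wizard actions it does not grant. The function names are hypothetical, and the check assumes only the `Action` lists of `Allow` statements matter (`Deny`, `NotAction` and `Condition` are not evaluated).

```python
import json
import re

# (prefix:action) pairs copied from the table above.
WIZARD_ACTIONS = [
    "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeImages",
    "ec2:DescribeTags", "ec2:DescribeSnapshots", "ec2:DescribeKeyPairs",
    "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups",
    "ec2:CreateSecurityGroup", "ec2:CreateKeyPair",
    "ec2:AuthorizeSecurityGroupIngress", "ec2:RunInstances",
    "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaces",
    "ec2:CreateTags", "cloudwatch:DescribeAlarms",
    "cloudwatch:GetMetricStatistics",
]

def build_policy(actions):
    """Emit one read-only statement and one for state-changing calls."""
    read = sorted(a for a in actions
                  if a.split(":", 1)[1].startswith(("Describe", "Get")))
    write = sorted(set(actions) - set(read))
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Resource "*" mirrors the table; narrowing it is left to the reader.
            {"Sid": "ReadOnly", "Effect": "Allow", "Action": read, "Resource": "*"},
            {"Sid": "Launch", "Effect": "Allow", "Action": write, "Resource": "*"},
        ],
    }

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, action):
    # IAM action patterns: "*" = any run of characters, "?" = one character,
    # compared case-insensitively.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def missing_actions(policy, required):
    """Return required actions that no Allow statement's Action covers."""
    patterns = [p for s in _as_list(policy["Statement"])
                if s.get("Effect") == "Allow"
                for p in _as_list(s.get("Action", []))]
    return [a for a in required if not any(_matches(p, a) for p in patterns)]

if __name__ == "__main__":
    print(json.dumps(build_policy(WIZARD_ACTIONS), indent=2))
```

Running `missing_actions` against a policy that grants only `ec2:Describe*` lists the create, authorize, run and CloudWatch actions from the table that would still need to be added.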
