Merge branch 'master' of github.com:cloud-hero/hero-cli

Author: CloudHero

README.md

@@ -61,6 +61,9 @@ $./hero provider add digital_ocean -a DO_Access_Token --name my_dev_cloud
 $./hero provider add ec2 -a access_key -s secret_key --name my_prod_cloud
 ```
 
+We prepared for you [the minimum required IAM policy](https://github.com/cloud-hero/hero-cli/blob/master/docs/AWS-policy.md) for CloudHero.
+In that example you can see that CloudHero is only allowed to work in Irland and it only needs just a few permissions.
+
 |Parameter|Description|
 | --------- | ------- |
 |access_key | A valid AWS EC2 access key

docs/AWS-policy.md

@@ -0,0 +1,43 @@
+
+
+
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "ec2:DescribeInstances",
+                "ec2:DescribeAvailabilityZones",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeImages",
+                "ec2:DescribeTags",
+                "ec2:DescribeRegions",
+                "ec2:CreateTags",
+                "ec2:CreateNetworkInterface",
+                "ec2:CreateKeyPair",
+                "ec2:CreateSecurityGroup",
+                "ec2:DescribeKeyPairs",
+                "ec2:DescribeSecurityGroups",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:ImportKeyPair",
+                "ec2:DeleteTags",
+                "ec2:StartInstances",
+                "ec2:RunInstances",
+                "ec2:ModifyInstanceAttribute",
+                "ec2:ModifyNetworkInterfaceAttribute",
+                "ec2:StopInstances",
+                "ec2:TerminateInstances"
+            ],
+            "Resource": "*",
+            "Effect": "Allow",
+            "Condition": {
+                "StringEquals": {
+                    "ec2:Region": "eu-west-1"
+                }
+            }
+        }
+    ]
+}
+```