{”Sid”:”ListEc2AndListInstanceProfiles”,”Effect”:”Allow”,”Action”:[“iam:ListInstanceProfiles”,”ec2:Describe*,”ec2:Search*,”ec2:Get*”],”Resource”:”*”}]} {“Verson”:”2012-10-17″,”Statement”:[{“Effect”:”Allow”,”Action”,”ec2: RunInstances”,”Resources”:”*”},{“Effect”:”Allow”,”Action”:”iam:PassRole”,”Resource”:”arn:aws:iam::account-id:role/Get-pics”}]} permissions Policy to allow theapplication to access the my-bucket-1 Amazon S3 bucket: Account 111111111111 abcd Role Permissions Policy {“Version”:”2012-10-17″,”Statement”:[{“Sid”:”AllowAccountLevelS3Actions”,”Effect”:”Allow”,”Action”:[“s3: GetBucketLocation”,”s3: GetAccountPublicAccessBlock “,”s3:ListAccessPoints”,”ListAllMyBuckets”],”Resource”:”arn:aws:s,3:::*”},{“Sid”:”AllowListAndReadS3ActionOnMyBucket”,”Effect”:”Allow”,”Action”:[“s3:Get*”,”s3:List*”],”Resource”:[“arn:aws:s3:::my-bucket-1/*”,”arn:aws:s3:::my-bucket-1″]},{“Sid”:”AllowIPToAssumeCrossAccountRole”,”Effect”:”Allow”,”Action”:”sts:AssumeRole”,”Resource”:”arn:aws:iam::222222222222:role/efgh”}]} Account 111111111111 abcd Role Trust Policy {“Version”:”2012-10-17″,”Statement”:[{“Sid”:”abcdTrustPolicy”,”Effect”:”Allow”,”Action”:”sts”:AssumeRole”,”Principal”:{“Service”:ec2.amazonaws.com”}]} https://capital.one/UtPvEz