From 0b93f74895fc87a7a414b62c75f8a538198b78c2 Mon Sep 17 00:00:00 2001
From: Matthias Pigulla <mp@webfactory.de>
Date: Thu, 7 Apr 2016 12:08:29 +0200
Subject: [PATCH] Add an example IAM policy

Not sure whether access could be better restricted?
---
 README.textile | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/README.textile b/README.textile
index ff3af63..5db50bb 100644
--- a/README.textile
+++ b/README.textile
@@ -238,6 +238,29 @@ h1. FILES
 - $HOME/.my.cnf := Default values for MySQL user and password are sought here in the standard format.
 - $HOME/.awssecret := Default values for access key and secret access keys are sought here. Can be overridden by environment variables and command line options.
 
+h1. IAM POLICY
+
+The following policy can help you to set up the IAM user or role with appropriate permissions to run this program.
+
+<pre>
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "1",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DeleteSnapshot",
+                "ec2:DescribeSnapshots"
+            ],
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+</pre>
+
 h1. SEE ALSO
 
 - Amazon EC2 := - Amazon EC2 EBS (Elastic Block Store) := - ec2-consistent-snapshot :=