How to allow a role to attach role to an instance?

Question

How do I allow a role to attach role to an EC2 instance without having Administrator Access??  Below is my IAM policy.  Something appears to be missing.

{  
    "Version": "2012-10-17",  
    "Statement": \[  
        {  
            "Sid": "VisualEditor0",  
            "Effect": "Allow",  
            "Action": \[  
                "iam:List*",  
                "iam:Get*",  
                "iam:CreateRole",  
                "iam:CreatePolicy",  
                "iam:PutRolepolicy",  
                "iam:CreateServiceLinkedRole",  
                "iam:AttachRolePolicy",  
                "iam:CreateInstanceProfile",  
                "iam:AddRoleToInstanceProfile",  
                "iam:PassRole",  
                "sts:AssumeRole"  
            ],  
            "Resource": \[  
                "arn:aws:iam::**:role/service-role/**",  
                "arn:aws:iam::**:policy/service-role/**"  
            ]  
        }  
    ]  
}

Answer

I figured it out. The ARNs were not being called out correctly:  
  
"arn:aws:iam:::role/NameOfRole",  
"arn:aws:iam:::policy/NameOfPolicy"

How to allow a role to attach role to an instance?

Conteúdo relevante