How to allow a role to attach role to an instance?

How do I allow a role to attach role to an EC2 instance without having Administrator Access?? Below is my IAM policy. Something appears to be missing.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:List*",
"iam:Get*",
"iam:CreateRole",
"iam:CreatePolicy",
"iam:PutRolepolicy",
"iam:CreateServiceLinkedRole",
"iam:AttachRolePolicy",
"iam:CreateInstanceProfile",
"iam:AddRoleToInstanceProfile",
"iam:PassRole",
"sts:AssumeRole"
],
"Resource": [
"arn:aws:iam:::role/service-role/",
"arn:aws:iam:::policy/service-role/"
]
}
]
}