Policy: AWSPCSServiceRolePolicy ARN: arn:aws:iam::aws:policy/aws-service-role/AWSPCSServiceRolePolicy Allowed Actions Actions Services cloudwatch:PutMetricData cloudwatch ec2:CreateFleet ec2 ec2:CreateFleet ec2 ec2:CreateLaunchTemplate ec2 ec2:CreateLaunchTemplateVersion ec2 ec2:CreateNetworkInterface ec2 ec2:CreateNetworkInterface ec2 ec2:CreateNetworkInterfacePermission ec2 ec2:CreateTags ec2 ec2:DeleteLaunchTemplate ec2 ec2:DeleteLaunchTemplateVersions ec2 ec2:DeleteNetworkInterface ec2 ec2:DescribeImageAttribute ec2 ec2:DescribeImages ec2 ec2:DescribeInstanceAttribute ec2 ec2:DescribeInstanceStatus ec2 ec2:DescribeInstanceTypes ec2 ec2:DescribeInstances ec2 ec2:DescribeKeyPairs ec2 ec2:DescribeLaunchTemplateVersions ec2 ec2:DescribeLaunchTemplates ec2 ec2:DescribeNetworkInterfaces ec2 ec2:DescribeSecurityGroups ec2 ec2:DescribeSubnets ec2 ec2:DescribeVpcs ec2 ec2:RunInstances ec2 ec2:RunInstances ec2 ec2:TerminateInstances ec2 iam:PassRole iam secretsmanager:DeleteSecret secretsmanager secretsmanager:DescribeSecret secretsmanager secretsmanager:GetSecretValue secretsmanager secretsmanager:PutSecretValue secretsmanager secretsmanager:UpdateSecretVersionStage secretsmanager