{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowDescription",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "iam:PassRole",
                "iam:ListInstanceProfiles",
                "ec2:ImportKeyPair",
                "ec2:CreateKeyPair",
                "ec2:CreateSecurityGroup"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "AllowWhenOwnerOrUntagged",
            "Effect": "Allow",
            "Action": [
                "ec2:*"
            ],
            "Condition": {
                "StringEqualsIfExists": {
                    "ec2:ResourceTag/FedoraGroup": [
                        "centos"
                    ]
                }
            },
            "Resource": [
                "arn:aws:ec2:*:*:capacity-reservation/*",
                "arn:aws:ec2:*:*:elasticGpu/*",
                "arn:aws:ec2:*::fpga-image/*",
                "arn:aws:ec2:*::image/*",
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:key-pair/*",
                "arn:aws:ec2:*:*:launch-template/*",
                "arn:aws:ec2:*:*:network-interface/*",
                "arn:aws:ec2:*:*:placement-group/*",
                "arn:aws:ec2:*:*:reserved-instances/*",
                "arn:aws:ec2:*:*:security-group/*",
                "arn:aws:ec2:*::snapshot/*",
                "arn:aws:ec2:*::spot-instance-request/*",
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:subnet/*"
            ]
        }
    ]
}