{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AwsCloudVmPermissions",
            "Effect": "Allow",
            "Action": [
                "ec2:CopySnapshot",
                "ec2:CreateSnapshot",
                "ec2:CreateTags",
                "kms:CreateGrant",
                "kms:DescribeKey",
                "kms:ReEncryptFrom",
                "kms:ReEncryptTo",
                "kms:RetireGrant"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ICSDeleteModifySnapshot",
            "Action": [
                "ec2:DeleteSnapshot",
                "ec2:ModifySnapshotAttribute"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/creator": "insightcloudsec"
                }
            }
        },
        {
            "Sid": "R7CMKAccess",
            "Effect": "Allow",
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:GenerateDataKeyWithoutPlaintext"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/creator": "insightcloudsec"
                }
            }
        }
    ]
}