Simplify infinity user creation

.gitignore

@@ -104,4 +104,5 @@ venv.bak/
 .mypy_cache/
 
 # VSCode
-.vscode/
+.vscode/
+.DS_Store

README.md

@@ -182,20 +182,16 @@ You need an AWS account to use Infinity. The tool will setup AWS EC2 machines as
 
 ## AWS Credentials
 
-With you AWS account, you need to create an IAM account and security credentials. You can learn how to do this [here](https://aws.amazon.com/premiumsupport/knowledge-center/create-access-key/). Make sure the user has the following policies (permissions):
+With you AWS account, you need to create an IAM account and security credentials. You need to set appropriate permissions to this user account. To automate this account creation, follow these steps:
 
-    AmazonEC2FullAccess
-    AWSCloudFormationFullAccess
-    AmazonSNSFullAccess
-    CloudWatchFullAccess
+1. Sign-in to your AWS Account in your browser
+2. Click this link to create a new Infinity user with required permissions: [Create Infinity User](https://console.aws.amazon.com/cloudformation/home#/stacks/create/review?templateURL=https://infinity-cloudformation-templates.s3-eu-west-1.amazonaws.com/infinity_create_user.yaml&stackName=InfinityUser)
+3. Make sure to select the button to acknowledge creation of IAM resources and create the stack
+4. Wait for the stack to create (takes a maximum of 10 seconds)
+5. Visit this link: [Create new security credentials](https://console.aws.amazon.com/iam/home#/users/infinity-cli?section=security_credentials)
+6. Click "Create access key" button to create new credentials for the infinity user.
 
-To run the `infinity-tools` commands successfully, you also need to add these permissions:
-
-    ServiceQuotasFullAccess
-    AWSPriceListServiceFullAccess
-
-
-Then save the new user's Access Key ID and Secret Access Key in a newly created credentials file at `~/.aws/credentials`. The format of the file is below:
+Save the new user's Access Key ID and Secret Access Key in a newly created credentials file at `~/.aws/credentials`. The format of the file is below:
 
     [default]
     aws_access_key_id = ********************

infinity/cloudformation/infinity_create_user.yaml

@@ -0,0 +1,70 @@
+# This file should be in sync with 
+# https://infinity-cloudformation-templates.s3-eu-west-1.amazonaws.com/infinity_create_user.yaml
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  InfinityUser:
+    Type: 'AWS::IAM::User'
+    Properties:
+      UserName: infinity-cli
+  InfinityUserPolicy:
+    Type: 'AWS::IAM::Policy'
+    Properties:
+      PolicyName: "infinity-user-updated"
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: "Allow"
+            Action:
+              - "ec2:ModifyVolumeAttribute"
+              - "ec2:DescribeInstances"
+              - "cloudwatch:DeleteAlarms"
+              - "ec2:CreateKeyPair"
+              - "ec2:ResetInstanceAttribute"
+              - "servicequotas:RequestServiceQuotaIncrease"
+              - "ec2:DeleteVolume"
+              - "ec2:DescribeVolumeStatus"
+              - "ec2:StartInstances"
+              - "ec2:DescribeVolumes"
+              - "sns:Subscribe"
+              - "ec2:DescribeKeyPairs"
+              - "servicequotas:ListServiceQuotas"
+              - "ec2:DetachVolume"
+              - "sns:ListTagsForResource"
+              - "ec2:ModifyVolume"
+              - "sns:ListSubscriptionsByTopic"
+              - "ec2:ImportKeyPair"
+              - "ec2:CreateTags"
+              - "sns:CreateTopic"
+              - "ec2:RunInstances"
+              - "ec2:StopInstances"
+              - "ec2:DescribeVolumeAttribute"
+              - "ec2:CreateVolume"
+              - "cloudwatch:DescribeAlarms"
+              - "ec2:DeleteKeyPair"
+              - "ec2:AttachVolume"
+              - "sns:TagResource"
+              - "ec2:DeleteTags"
+              - "sns:DeleteTopic"
+              - "ec2:DescribeInstanceAttribute"
+              - "ec2:DescribeRegions"
+              - "sns:ListTopics"
+              - "sns:SetTopicAttributes"
+              - "sns:UntagResource"
+              - "servicequotas:GetServiceQuota"
+              - "ec2:DescribeSpotPriceHistory"
+              - "ec2:DescribeAvailabilityZones"
+              - "cloudwatch:DisableAlarmActions"
+              - "ec2:ModifyInstanceAttribute"
+              - "ec2:RebootInstances"
+              - "ec2:TerminateInstances"
+              - "sns:GetTopicAttributes"
+              - "ec2:DescribeTags"
+              - "sns:ListSubscriptions"
+              - "ec2:DescribeImages"
+              - "cloudwatch:PutMetricAlarm"
+              - "sns:SetSubscriptionAttributes"
+              - "cloudwatch:EnableAlarmActions"
+              - "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota"
+            Resource: '*'
+      Users:
+        - !Ref InfinityUser