Document required permissions to run basti init #102

Open
tibuntu opened this issue Jun 26, 2024 · 2 comments
Labels
documentation Improvements or additions to documentation

Comments

@tibuntu

tibuntu commented Jun 26, 2024

Bug Description

Hi there, we recently reduced IAM permissions for our developers, which led to the situation that they can no longer run basti init by themselves. Could you please document the required permissions?

Right now Basti isn't really pointing out which permissions are missing (which it, btw, does when running a cleanup):

Error setting up bastion. Can't create IAM role for bastion instance. Access denied by IAM.

Thanks!

Steps to Reproduce

Do not grant your AWS user full IAM permissions and try to run basti init

@tibuntu tibuntu added the bug Something isn't working label Jun 26, 2024
@BohdanPetryshyn BohdanPetryshyn added documentation Improvements or additions to documentation and removed bug Something isn't working labels Jul 22, 2024
@BohdanPetryshyn
Collaborator

Hi @tibuntu! I missed the issue somehow and since it's almost a month from when you opened it, is the request still relevant to you?

I understand that your use case might differ from my experience but in general, the recommended way of using Basti in a limited privilege environment is to initialize an instance once and then grant people the minimal set of permissions for the connect command documented here.

Cheers.

@andreas-mueller-bb

Even for a limited privilege environment, it would be interesting which exact permissions are needed, if the initialization should be carried out by someone who doesn't hold full administrator permissions.

Also for transparency reasons I would welcome an overview :)
