diff --git a/api/policy.go b/api/policy.go
index 382d262..ef94ee9 100644
--- a/api/policy.go
+++ b/api/policy.go
@@ -47,6 +47,31 @@ func instanceCreatePolicy() (string, error) {
 Effect: "Allow",
 Action: []string{
 "ec2:RunInstances",
+ "iam:PassRole",
+ },
+ Resource: []string{"*"},
+ },
+ },
+ }
+
+ j, err := json.Marshal(policy)
+ if err != nil {
+ return "", err
+ }
+
+ return string(j), nil
+}
+
+func instanceDeletePolicy(id string) (string, error) {
+ log.Debugf("generating instance delete policy document")
+
+ policy := iam.PolicyDocument{
+ Version: "2012-10-17",
+ Statement: []iam.StatementEntry{
+ {
+ Effect: "Allow",
+ Action: []string{
+ "ec2:TerminateInstances",
 },
 Resource: []string{"*"},
 },
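Review bot: The added `"iam:PassRole"` shares a statement with `ec2:RunInstances` on `Resource: []string{"*"}`, so this policy permits attaching any role in the account to a launched instance, which is a well-known privilege-escalation exposure. Put it in its own statement scoped to the intended role, e.g. `Resource: []string{roleARN}` (placeholder for the instance role's ARN), and restrict it with an `iam:PassedToService` condition for `ec2.amazonaws.com` if `iam.StatementEntry` has a condition field (not visible here). The new `instanceDeletePolicy(id string)` is similarly broad: in the visible lines `id` is never used and `ec2:TerminateInstances` is granted on `"*"`, so the resource should instead be the instance ARN built from `id`, of the form `arn:aws:ec2:<region>:<account>:instance/<id>`. Both function bodies extend beyond the hunk, so confirm `id` is not consumed in the unseen tail, and add a doc comment to each function stating which resources the generated policy is meant to cover.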