vavavr00m / boto

Automatically exported from code.google.com/p/boto

ec2.create_snapshot requires too many permissions (DescribeVolumes, CreateTags) #578

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run ec2.create_snapshot on a named volume, with IAM credentials only 
allowing ec2:CreateSnapshot.

What is the expected output? What do you see instead?
The expected result is a success. Instead it fails on self.get_all_volumes and, 
after adding the ec2:DescribeVolumes permission, fails on snapshot.add_tag 
without ec2:CreateTags.

What version of the product are you using? On what operating system?
boto 2.0 (0.7.amzn1) on Amazon Linux AMI 2011.09.

Please provide any additional information below.
The auto-tagging behavior is certainly potentially useful, but makes it 
challenging for any organization using IAM to lock down credentials as much as 
possible. It isn't desirable to allow listing all our volumes, and tagging any 
ec2 object, just to create a snapshot. As such it would be great if there were 
an autotag=True option added to ec2.create_snapshot, that could be passed in as 
False to simply return the snapshot object after creation.

I checked out boto 2.1.1 just in case so as not to waste anyone's time, but 
there don't appear to be any changes to ec2.create_snapshot. Thanks for any 
thoughts on this issue. I'm happy to submit a pull request on GitHub if it is 
agreed that this option is acceptable. Thanks!

Note that if you are experiencing this and aren't able to increase permissions, 
you can try/except as a somewhat nasty workaround as the snapshot is 
successfully created when this occurs.

Original issue reported on code.google.com by mroo...@gmail.com on 13 Jan 2012 at 9:01
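
An offline model of the behaviour reported above, added here as an example; it is not boto's code and makes no AWS calls. `FakeEC2` and `PermissionDenied` are hypothetical names, `autotag` is the option proposed in the report (not an existing boto parameter), and the call order (create, then describe, then tag) is taken from the failures the report describes.

```python
# Offline model of the call sequence described in the issue; no AWS or boto needed.
# FakeEC2 and PermissionDenied are hypothetical; autotag is the proposed option.

class PermissionDenied(Exception):
    """Stands in for the authorization error returned for a denied action."""


class FakeEC2:
    def __init__(self, allowed_actions, volume_names):
        self.allowed = set(allowed_actions)   # actions the IAM policy grants
        self.volume_names = volume_names      # volume id -> Name tag (constructed)
        self.snapshots = {}                   # snapshot id -> tags, "server side"
        self.calls = []                       # every API action attempted

    def _api(self, action):
        self.calls.append(action)
        if action not in self.allowed:
            raise PermissionDenied(action)

    def create_snapshot(self, volume_id, autotag=True):
        self._api("ec2:CreateSnapshot")
        snap_id = "snap-%04d" % (len(self.snapshots) + 1)
        self.snapshots[snap_id] = {}          # the snapshot exists from here on
        if autotag:
            self._api("ec2:DescribeVolumes")  # look up the volume's Name tag
            name = self.volume_names.get(volume_id)
            if name:
                self._api("ec2:CreateTags")   # copy it onto the snapshot
                self.snapshots[snap_id]["Name"] = name
        return snap_id


def snapshot_with_workaround(conn, volume_id):
    """try/except workaround: the error is swallowed, and the snapshot id with it."""
    try:
        return conn.create_snapshot(volume_id)
    except PermissionDenied:
        return None


def run_scenarios():
    vols = {"vol-0001": "db-data"}            # constructed sample data
    locked = ["ec2:CreateSnapshot"]           # least-privilege policy from the report
    a = FakeEC2(locked, vols)
    result_a = snapshot_with_workaround(a, "vol-0001")
    b = FakeEC2(locked, vols)
    result_b = b.create_snapshot("vol-0001", autotag=False)
    return (result_a, len(a.snapshots), a.calls), (result_b, len(b.snapshots), b.calls)
```

In the first scenario the snapshot exists but the caller never receives its id, so a cleanup or retention job that relies on the returned object will miss it; in the second, only `ec2:CreateSnapshot` is ever attempted.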

GoogleCodeExporter commented 9 years ago
This is not really a boto issue. The problem is with Amazon. I have run into a 
similar issue. Instead of auto-tagging it should probably just have a "name" 
parameter (as the AWS Console does).

Original comment by jonat...@nacnud.com on 16 May 2013 at 8:26