On that note, it would be great to know what AWS `User Policy` Flynn needs / expects so I could grant it a unique IAM key with limited access for creating servers, etc.
We haven't nailed down the exact API calls that we're going to need long-term so there isn't a policy we're recommending. Currently EC2 and Route53 full access will work, but we recommend creating a new AWS account for security reasons if you have anything else running.
FWIW, the default PowerUser role that can be assigned to an IAM account was sufficient for my tests. I don't know if it could have worked with fewer permissions.
