Fix build instance policy

Author: nightfury1204

provider/aws/formation/rack.json

@@ -3866,6 +3866,10 @@
                 "iam:CreatePolicyVersion",
                 "iam:CreateRole",
                 "iam:CreateUser",
+                "iam:CreateInstanceProfile",
+                "iam:AddRoleToInstanceProfile",
+                "iam:DeleteInstanceProfile",
+                "iam:RemoveRoleFromInstanceProfile",
                 "iam:DeleteAccessKey",
                 "iam:DeletePolicy",
                 "iam:DeletePolicyVersion",
@@ -3874,14 +3878,15 @@
                 "iam:DetachRolePolicy",
                 "iam:DeleteUser",
                 "iam:DeleteUserPolicy",
-                "iam:GetInstanceProfile",
+                "iam:GetInstance*",
                 "iam:GetPolicy",
                 "iam:GetPolicyVersion",
                 "iam:GetRole",
                 "iam:GetRolePolicy",
                 "iam:GetUser",
                 "iam:GetUserPolicy",
                 "iam:ListAccessKeys",
+                "iam:ListInstance*",
                 "iam:ListPolicyVersions",
                 "iam:ListRoles",
                 "iam:ListUsers",
@@ -3892,7 +3897,9 @@
                 "iam:TagPolicy",
                 "iam:TagRole",
                 "iam:TagUser",
+                "iam:TagInstanceProfile",
                 "iam:UntagPolicy",
+                "iam:UntagInstanceProfile",
                 "iam:UntagRole",
                 "iam:UntagUser",
                 "iam:UpdateAssumeRolePolicy"

provider/aws/formation/service.json.tmpl

@@ -570,7 +570,7 @@
                 "Priority": "{{ priority $.App $.Service.Name $domain $i }}"
               }
             },
-            {{ if .InternalAndExternal }}
+            {{ if $.Service.InternalAndExternal }}
             "BalancerListenerRule80Domain{{$i}}External": {
               "Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
               "Condition": "RouteHttp",