Troubleshooting insufficient AWS EC2 permissions in Vagrant

[tec...@gmail.com]

I am interested how can I debug insufficient EC2 permissions that prevent Vagrant from completing machine setup. The instance gets initiated (name is not set) however Vagrant fails on the way.

With ec2:* credentials Vagrant finishes with no problem. 

Other than trial and error is there any hint in the below vagrant up --debug trace on what might be failing?

 << cut >>
 INFO environment: Released process lock: machine-action-f71b8e35b466f0a97c4a9ac4d8563207
 INFO environment: Running hook: environment_unload
 INFO runner: Preparing hooks for middleware sequence...
 INFO runner: 3 hooks defined.
 INFO runner: Running action: environment_unload #<Vagrant::Action::Builder:0x00000102da6738>
ERROR vagrant: Vagrant experienced an error! Details:
ERROR vagrant: #<VagrantPlugins::AWS::Errors::FogError: There was an error talking to AWS. The error message is shown
below:

UnauthorizedOperation => You are not authorized to perform this operation.>
ERROR vagrant: There was an error talking to AWS. The error message is shown
below:

UnauthorizedOperation => You are not authorized to perform this operation.
ERROR vagrant: /Users/macraf/.vagrant.d/gems/gems/vagrant-aws-0.7.0/lib/vagrant-aws/action/run_instance.rb:122:in `rescue in call'

 << cut >>

/opt/vagrant/embedded/gems/gems/vagrant-1.8.1/lib/vagrant/batch_action.rb:82:in `block (2 levels) in run'
 INFO interface: error: There was an error talking to AWS. The error message is shown
below:

UnauthorizedOperation => You are not authorized to perform this operation.
There was an error talking to AWS. The error message is shown
below:

UnauthorizedOperation => You are not authorized to perform this operation.
 INFO interface: Machine: error-exit ["VagrantPlugins::AWS::Errors::FogError", "There was an error talking to AWS. The error message is shown\nbelow:\n\nUnauthorizedOperation => You are not authorized to perform this operation."]

More than the actual reason, I would like to learn how to read the log, if it indicates a particular problem, but for reference failing policy has the following permissions: ec2:DescribeInstances, ec2:DescribeImages, ec2:DescribeKeyPairs, ec2:DescribeSecurityGroups, ec2:DescribeAvailabilityZones, ec2:RunInstances, ec2:TerminateInstances, ec2:StopInstances, ec2:StartInstances.