I just had a look at the IAM user guide. Looks like the EC2 section is very short and not really detailed.
Are there any IAM Policy Actions for creating/deleting EC2 instance tags? Something like ec2:CreateTags or ec2:DeleteTags?
Update:
Ok, I made a test. It is the undocumented "ec2:CreateTags" and "ec2:DeleteTags" policy action.
Best Answer
Below is the snippet of IAM policy that is working for me for creating tags.