Packer build error for AWS EBS: Deny public associate IP

Hi,

I am currently having an issue with packer build for AWS EBS.

We want to build AMI inside our VPC and subnets with only private IP, so we setup the following parameters to avoid creating any public IP

“associate_public_ip_address”: false,
“ssh_interface”: “private_ip”,

And the subnet id, vpc_id are provided.

We have a service control policies for the whole organization which is to deny any public IP creation. The issue is that when we start build, we will get error which trigger the policy. And once we remove the policy, packer can start to build the image properly and there is no public IP during building the image.

What could be the reason for this issue? Is there anything wrong with the policy or there is something else we have to configure? Thank you

The following is the policy
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “DenyEC2AssociatePublicIp”,
“Effect”: “Deny”,
“Action”: [
“ec2:RunInstances”,
“ec2:RunScheduledInstances”
],
“Resource”: “arn:aws:ec2:::network-interface/",
“Condition”: {
“BoolIfExists”: {
“ec2:AssociatePublicIpAddress”: “true”
}
}
},
{
“Sid”: “DenyEC2AssociateElasticIP”,
“Effect”: “Deny”,
“Action”: [
“ec2:AssociateAddress”
],
“Resource”: "

}
]
}