That’s quite a bit of work. Not because it’s complicated or anything, but because there are a lot of permissions.
The way I go about it usually is try to simplify. For each resource type (ec2, s3, etc.) create a set of read/use/admin permissions. “read” means read-only, “use” means manipulate the resource in some way, “admin” means full access which usually involves being able to destroy the resource. What that means exactly for each AWS service differs a lot depending on service. For some it doesn’t make sense to have all three kinds, some might need a fourth.
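An added example (not the poster's own code) of what the read/use/admin tiering above can look like when expressed as IAM policy documents for S3. Each tier is cumulative, so "use" grants everything "read" does and "admin" grants everything "use" does, and a small check confirms the read tier never contains an action that changes or destroys state. The S3 action list, the tier contents and the bucket ARN are constructed for illustration; the tier order is a parameter so a fourth tier can be added for services that need one.

```python
import json

# Constructed sample: S3 actions grouped into the three tiers described in
# the post.  Tiers are ordered; every tier implicitly includes all lower ones.
S3_TIERS = {
    "read": ["s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"],
    "use": ["s3:PutObject", "s3:DeleteObject"],
    "admin": ["s3:DeleteBucket", "s3:PutBucketPolicy"],
}
TIER_ORDER = ["read", "use", "admin"]

# Action-name prefixes that change or destroy state.  A read tier must not
# contain any of these; check_read_tier() enforces that.
MUTATING_PREFIXES = (
    "Put", "Delete", "Create", "Update", "Modify",
    "Attach", "Detach", "Terminate", "Reboot",
)


def cumulative_actions(tiers, tier, order=TIER_ORDER):
    """Return the sorted, de-duplicated actions granted at `tier`,
    including everything granted by every lower tier in `order`."""
    if tier not in order:
        raise ValueError(f"unknown tier {tier!r}; expected one of {order}")
    granted = set()
    for name in order[: order.index(tier) + 1]:
        granted.update(tiers.get(name, []))
    return sorted(granted)


def build_policy(tiers, tier, resources, order=TIER_ORDER):
    """Build an IAM identity-policy document granting one tier on `resources`."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": f"{tier.capitalize()}Tier",
                "Effect": "Allow",
                "Action": cumulative_actions(tiers, tier, order),
                "Resource": list(resources),
            }
        ],
    }


def check_read_tier(tiers, read_tier="read"):
    """Return the actions in the read tier whose name looks mutating.
    An empty list means the read tier is genuinely read-only."""
    offenders = []
    for action in tiers.get(read_tier, []):
        _service, _sep, verb = action.partition(":")
        if verb.startswith(MUTATING_PREFIXES):
            offenders.append(action)
    return offenders


if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-bucket"  # constructed ARN, not a real bucket
    resources = [bucket, f"{bucket}/*"]
    if check_read_tier(S3_TIERS):
        raise SystemExit(f"read tier is not read-only: {check_read_tier(S3_TIERS)}")
    for t in TIER_ORDER:
        print(json.dumps(build_policy(S3_TIERS, t, resources), indent=2))
```

The prefix check is deliberately conservative: it flags by action-name verb rather than consulting a service's action list, so it catches an obvious mistake like dropping `s3:PutObject` into a read tier but should be treated as a lint, not as proof that a policy is read-only.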