AWS Policy to start-instance via AWS cli

I want to attach a AWS policy to a IAM user that only makes it possible to use AWS CLI for start-instance and stop-instance on EC2.

It works by using the AmazonEC2FullAccess policy, but I want to restrict it.

I used a mix of startInstances, stopInstances, describeInstances, ... but it didn't work.

Any ideas?