diff --git a/CHANGELOG.md b/CHANGELOG.md
index 562fe7b09..60b1780d7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,9 @@
 BUG FIXES:
 
 * core: default user variable values don't need to be strings. [GH-456]
+* builder/amazon-chroot: Fix errors with waitin for state change. [GH-459]
+* communicator/ssh: SCP uploads now work properly when directories
+  contain symlinks. [GH-449]
 
 ## 0.3.8 (September 22, 2013)
 
diff --git a/builder/amazon/chroot/step_attach_volume.go b/builder/amazon/chroot/step_attach_volume.go
index 1b1bce0f2..ab2ddb708 100644
--- a/builder/amazon/chroot/step_attach_volume.go
+++ b/builder/amazon/chroot/step_attach_volume.go
@@ -60,7 +60,8 @@ func (s *StepAttachVolume) Run(state multistep.StateBag) multistep.StepAction {
 				return nil, "", errors.New("No attachments on volume.")
 			}
 
-			return nil, resp.Volumes[0].Attachments[0].Status, nil
+			a := resp.Volumes[0].Attachments[0]
+			return a, a.Status, nil
 		},
 	}
 
@@ -111,12 +112,12 @@ func (s *StepAttachVolume) CleanupFunc(state multistep.StateBag) error {
 				return nil, "", err
 			}
 
-			state := "detached"
-			if len(resp.Volumes[0].Attachments) > 0 {
-				state = resp.Volumes[0].Attachments[0].Status
+			v := resp.Volumes[0]
+			if len(v.Attachments) > 0 {
+				return v, v.Attachments[0].Status, nil
+			} else {
+				return v, "detached", nil
 			}
-
-			return nil, state, nil
 		},
 	}
 
diff --git a/builder/amazon/chroot/step_create_volume.go b/builder/amazon/chroot/step_create_volume.go
index 5346bf1ca..0b89cf642 100644
--- a/builder/amazon/chroot/step_create_volume.go
+++ b/builder/amazon/chroot/step_create_volume.go
@@ -75,7 +75,8 @@ func (s *StepCreateVolume) Run(state multistep.StateBag) multistep.StepAction {
 				return nil, "", err
 			}
 
-			return nil, resp.Volumes[0].Status, nil
+			v := resp.Volumes[0]
+			return v, v.Status, nil
 		},
 	}
 
diff --git a/builder/amazon/chroot/step_snapshot.go b/builder/amazon/chroot/step_snapshot.go
index 22cf4d17f..e065da2df 100644
--- a/builder/amazon/chroot/step_snapshot.go
+++ b/builder/amazon/chroot/step_snapshot.go
@@ -51,7 +51,8 @@ func (s *StepSnapshot) Run(state multistep.StateBag) multistep.StepAction {
 				return nil, "", errors.New("No snapshots found.")
 			}
 
-			return nil, resp.Snapshots[0].Status, nil
+			s := resp.Snapshots[0]
+			return s, s.Status, nil
 		},
 	}
 
diff --git a/communicator/ssh/communicator.go b/communicator/ssh/communicator.go
index 96de20de0..e2eea4b21 100644
--- a/communicator/ssh/communicator.go
+++ b/communicator/ssh/communicator.go
@@ -408,8 +408,27 @@ func scpUploadDir(root string, fs []os.FileInfo, w io.Writer, r *bufio.Reader) e
 	for _, fi := range fs {
 		realPath := filepath.Join(root, fi.Name())
 
-		if !fi.IsDir() {
-			// It is a regular file, just upload it
+		// Track if this is actually a symlink to a directory. If it is
+		// a symlink to a file we don't do any special behavior because uploading
+		// a file just works. If it is a directory, we need to know so we
+		// treat it as such.
+		isSymlinkToDir := false
+		if fi.Mode() & os.ModeSymlink == os.ModeSymlink {
+			symPath, err := filepath.EvalSymlinks(realPath)
+			if err != nil {
+				return err
+			}
+
+			symFi, err := os.Lstat(symPath)
+			if err != nil {
+				return err
+			}
+
+			isSymlinkToDir = symFi.IsDir()
+		}
+
+		if !fi.IsDir() && !isSymlinkToDir {
+			// It is a regular file (or symlink to a file), just upload it
 			f, err := os.Open(realPath)
 			if err != nil {
 				return err
diff --git a/website/source/docs/builders/amazon-chroot.html.markdown b/website/source/docs/builders/amazon-chroot.html.markdown
index 5d0f23b6e..8b593c3e5 100644
--- a/website/source/docs/builders/amazon-chroot.html.markdown
+++ b/website/source/docs/builders/amazon-chroot.html.markdown
@@ -188,3 +188,37 @@ out of your AMI builds.
 
 Packer properly obtains a process lock for the parallelism-sensitive parts
 of its internals such as finding an available device.
+
+## Using an IAM Instance Profile
+
+If AWS keys are not specified in the template or through environment variables
+Packer will use credentials provided by the instance's IAM profile, if it has one.
+
+The following policy document provides the minimal set permissions necessary for Packer to work:
+
+<pre class="prettyprint">
+{
+  "Statement": [{
+      "Effect": "Allow",
+      "Action" : [
+        "ec2:AttachVolume",
+        "ec2:CreateVolume",
+        "ec2:DeleteVolume",
+        "ec2:DescribeVolumes",
+        "ec2:DetachVolume",
+
+        "ec2:DescribeInstances",
+
+        "ec2:CreateSnapshot",
+        "ec2:DeleteSnapshot",
+        "ec2:DescribeSnapshots",
+
+        "ec2:DescribeImages",
+        "ec2:RegisterImage",
+
+        "ec2:CreateTags"
+      ],
+      "Resource" : "*"
+  }]
+}
+</pre>