AWS Trigger Automation from CloudWatch scheduled event

Question

I have the following event source type "schedule" - 20 18 ? ** SAT **. The target is SSM Automation. I have the following option ticked "Create a new role for this specific resource". When I proceed to create rule section I get the following error: Error There was an error while saving rule SomeNameTest. Details: The Automation definition used by an SSM Automation target must contain an Assume Role which evaluates to an IAM arn.  
  
The role is supposed to be automatically create, what am I missing the documentation is really hard to follow.  
  
I have checked to create a role for CloudWatch Events against SSM, but didn't see such option.

Answer

I have fixed that by creating a role, then adding it as assume role in the automation document, the creating the event, I have allowed amazon to create a document for me that allows simply gives permissions to run ssm specific document.  
{  
    "Version": "2012-10-17",  
    "Statement": \[  
        {  
            "Effect": "Allow",  
            "Action": \[  
                "ssm:*"  
            ],  
            "Resource": \[  
                "arn:aws:ssm:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:*",  
                "arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript"  
            ]  
        },  
        {  
            "Effect": "Allow",  
            "Action": \[  
                "ssm:*"  
            ],  
            "Condition": {  
                "StringEquals": {  
                    "ssm:ResourceTag/{SomeKeyPlaceholder}": "{SomeKeyValuePlaceholder}"  
                }  
            },  
            "Resource": \[  
                "arn:aws:ec2:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:instance/*"  
            ]  
        }  
    ]  
}  
  
Edited by: angelovopsan on Jun 30, 2019 4:30 AM

AWS Trigger Automation from CloudWatch scheduled event

Relevanter Inhalt