1 answer
I have fixed that by creating a role, then adding it as the assume role in the automation document, then creating the event. I have allowed Amazon to create a document for me that simply gives permissions to run a specific SSM document.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:"
      ],
      "Resource": [
        "arn:aws:ssm:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:",
        "arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssm:"
      ],
      "Condition": {
        "StringEquals": {
          "ssm:ResourceTag/{SomeKeyPlaceholder}": "{SomeKeyValuePlaceholder}"
        }
      },
      "Resource": [
        "arn:aws:ec2:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:instance/"
      ]
    }
  ]
}
```
Edited by: angelovopsan on Jun 30, 2019 4:30 AM
answered 5 years ago
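An offline review of the policy shown in the answer above, where the action and two of the resource strings stop at the separator. This is an added example, not part of the original answer; `SPECIFIED`, with its `ssm:SendCommand` action, account id `111122223333` and tag `Patch=true`, is an assumed fully specified variant used only for comparison.

```python
import json

# Statement shapes copied from the answer above; placeholder values kept as posted.
POSTED = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ssm:"],
   "Resource": ["arn:aws:ssm:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:",
                "arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript"]},
  {"Effect": "Allow", "Action": ["ssm:"],
   "Condition": {"StringEquals":
       {"ssm:ResourceTag/{SomeKeyPlaceholder}": "{SomeKeyValuePlaceholder}"}},
   "Resource": ["arn:aws:ec2:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:instance/"]}
]}
""")

# Assumed variant (constructed: the action, account id and tag are examples).
SPECIFIED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ssm:SendCommand"],
     "Resource": ["arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript"]},
    {"Effect": "Allow", "Action": ["ssm:SendCommand"],
     "Condition": {"StringEquals": {"ssm:resourceTag/Patch": "true"}},
     "Resource": ["arn:aws:ec2:eu-west-2:111122223333:instance/*"]},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def review(policy):
    """Return (statement index, finding) pairs for a policy document."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        # Condition key names are case-insensitive, so compare in lower case.
        tag_scoped = any(key.lower().startswith("ssm:resourcetag/")
                         for op in stmt.get("Condition", {}).values() for key in op)
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if not name:
                findings.append((i, f"action {action!r} names no API action"))
            elif name == "*":
                findings.append((i, f"action {action!r} allows every {service} action"))
        for arn in as_list(stmt.get("Resource", [])):
            parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
            resource = parts[5] if len(parts) == 6 else arn  # a bare "*" passes through
            if not resource or resource.endswith("/"):
                findings.append((i, f"resource {arn!r} names no resource or wildcard"))
            elif resource == "instance/*" and not tag_scoped:
                findings.append((i, f"resource {arn!r} has no tag condition"))
    return findings
```

Running `review(POSTED)` lists the strings to complete before attaching the policy to the role; `review(SPECIFIED)` returns no findings.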