1 Answer
- Newest
- Most votes
- Most comments
0
Hi, could be the resource. It’s complaining about “ arn:aws:ssm:us-east-1:480607316411:parameter/WindowsAgentConfig” but your expression is “ arn:aws:ssm:us-east-1:480607316411:parameter/Amazon-Cloudwatch..”
Can you try with “ arn:aws:ssm:us-east-1:480607316411:parameter/*” as test?
Relevant content
- asked 2 years ago
- asked 10 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 9 months ago
Sorry, I'm quite inexperienced with this and I'm not sure I follow. I tried the following:
aws ssm put-parameter --name "*" --type "String" --value file://C:\ProgramData\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.json --overwrite --tier Intelligent-Tiering
But got a similar response: An error occurred (AccessDeniedException) when calling the PutParameter operation: User: arn:aws:sts::480607316411:assumed-role/CloudWatchAgentAdminRole/i-071eb9d7a32d10801 is not authorized to perform: ssm:PutParameter on resource: arn:aws:ssm:us-east-1:480607316411:parameter/* because no identity-based policy allows the ssm:PutParameter action
I'm sure I'm not doing what you suggested the right way
What @alatech suggested is replacing the "Resource": " arn:aws:ssm:::parameter/AmazonCloudWatch-* " in your policy with "Resource": " arn:aws:ssm:::parameter/* ". Currently it won't match your "WindowsAgentConfig" parameter so you effectively have no Allow statements for your specific PutParameter call.