1 Answer
0
I have fixed that by creating a role, then adding it as the assume role in the automation document, then creating the event. I have allowed Amazon to create a document for me that simply gives permissions to run a specific SSM document.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:"
      ],
      "Resource": [
        "arn:aws:ssm:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:",
        "arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssm:"
      ],
      "Condition": {
        "StringEquals": {
          "ssm:ResourceTag/{SomeKeyPlaceholder}": "{SomeKeyValuePlaceholder}"
        }
      },
      "Resource": [
        "arn:aws:ec2:eu-west-2:{SomeAccountNumber-PLACEHOLDER}:instance/"
      ]
    }
  ]
}
Edited by: angelovopsan on Jun 30, 2019 4:30 AM
Answered 5 years ago
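An added example, not part of the original answer or any AWS tooling: a small Python review of a policy shaped like the one posted above, flagging malformed or wildcard actions and instance resources that are not limited by the `ssm:ResourceTag/...` condition. The sample policy, the account id `111122223333`, the tag key and value, and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like the policy in the answer. The account id,
# tag key/value, action names and wildcards are assumptions, not from the post.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Action": ["ssm:SendCommand"],
   "Resource": ["arn:aws:ssm:eu-west-2::document/AWS-RunPowerShellScript"]},
  {"Effect": "Allow", "Action": ["ssm:*"],
   "Resource": ["arn:aws:ec2:eu-west-2:111122223333:instance/*"]},
  {"Effect": "Allow", "Action": ["ssm:SendCommand"],
   "Condition": {"StringEquals": {"ssm:ResourceTag/Env": "test"}},
   "Resource": ["arn:aws:ec2:eu-west-2:111122223333:instance/*"]}
 ]}
""")


def as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def review_policy(policy):
    """Return (statement_index, finding) pairs for the Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action != "*" and not (service and name):
                findings.append((i, "malformed action: %r" % action))
            elif "*" in action:
                findings.append((i, "wildcard action: %r" % action))
        # Condition keys are case-insensitive; look for the tag key the answer uses.
        cond_keys = [k.lower() for block in stmt.get("Condition", {}).values() for k in block]
        tag_scoped = any(k.startswith("ssm:resourcetag/") for k in cond_keys)
        for res in as_list(stmt.get("Resource")):
            if (res == "*" or res.endswith(":instance/*")) and not tag_scoped:
                findings.append((i, "instances not limited by tag: %r" % res))
    return findings


if __name__ == "__main__":
    for index, finding in review_policy(SAMPLE_POLICY):
        print("statement %d: %s" % (index, finding))
```

Only the second statement of the constructed sample is reported; the third uses the same instance wildcard but is scoped by the tag condition.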