aws-solutions / media-services-application-mapper

Media Services Application Mapper is a browser-based tool that allows operators to visualize the structure and logical connections among AWS Media Services and supporting services in the cloud. The tool can be used as a top-down resource monitoring tool when integrated with CloudWatch.

Update IAM role usage directions in Managed Instances guide

JimTharioAmazon opened this issue

It looks like we need an updated set of policy permissions for managed instances.

We need to create a role for managed instances (MSAM-Managed-Instances) that includes:

  1. AmazonSSMManagedInstanceCore (for basic control functionality), and
  2. Inline policy similar to AWSLambdaBasicExecutionRole with logging permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

The SSM team has updated their documentation about assigning roles to managed instances, and calls out different levels of role including one for CloudWatch logging. We link to this from our MANAGED_INSTANCES.md guide.

https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html
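
An added example, not part of the issue or of the MSAM project's code: it takes the inline logging policy posted above, lists the actions it allows on `"Resource": "*"`, and produces a copy narrowed to a single CloudWatch Logs log group. The helper names are hypothetical, and the region, account ID and log group name are constructed placeholders.

```python
import copy
import json

# Inline policy exactly as posted in the issue (every logs action on Resource "*").
ISSUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": "*",
    }],
}

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (statement index, action) pairs that are allowed on Resource "*"."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", [])):
            findings += [(i, a) for a in _as_list(stmt.get("Action", []))]
    return findings

def scope_to_log_group(policy, region, account_id, log_group, partition="aws"):
    """Return a copy whose wildcard Allow statements on logs actions name one log group."""
    group_arn = f"arn:{partition}:logs:{region}:{account_id}:log-group:{log_group}"
    scoped = copy.deepcopy(policy)
    statements = _as_list(scoped.get("Statement", []))
    for stmt in statements:
        actions = _as_list(stmt.get("Action", []))
        only_logs = bool(actions) and all(a.lower().startswith("logs:") for a in actions)
        if stmt.get("Effect") == "Allow" and only_logs and "*" in _as_list(stmt.get("Resource", [])):
            # The group ARN covers CreateLogGroup; the ":*" form covers its log streams.
            stmt["Resource"] = [group_arn, group_arn + ":*"]
    scoped["Statement"] = statements
    return scoped

if __name__ == "__main__":
    # Constructed sample values: region, account ID and log group name are placeholders.
    tightened = scope_to_log_group(ISSUE_POLICY, "us-east-1", "111122223333",
                                   "example-msam-managed-instances")
    print("wildcards before:", wildcard_findings(ISSUE_POLICY))
    print("wildcards after: ", wildcard_findings(tightened))
    print(json.dumps(tightened, indent=4))
```
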