This repository has been archived by the owner on Dec 30, 2024. It is now read-only.

Update IAM role usage directions in Managed Instances guide #240

Closed
JimTharioAmazon opened this issue Aug 9, 2021 · 2 comments

@JimTharioAmazon
Member

It looks like we need an updated set of policy permissions for managed instances.

We need to create a role for managed instances (MSAM-Managed-Instances) that includes:

  1. AmazonSSMManagedInstanceCore (for basic control functionality), and
  2. Inline policy similar to AWSLambdaBasicExecutionRole with logging permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}
@JimTharioAmazon JimTharioAmazon added bug Something isn't working help wanted Extra attention is needed monitoring feature Feature related to monitoring documentation Enhance or update documentation back-end Issues related to the cloud-side, resources, data labels Aug 9, 2021
@JimTharioAmazon JimTharioAmazon added this to the v1.10.0 milestone Aug 9, 2021
@JimTharioAmazon
Member Author

@jleyvacorrivium FYI

@JimTharioAmazon JimTharioAmazon self-assigned this Dec 1, 2021
@JimTharioAmazon
Member Author

The SSM team has updated their documentation about assigning roles to managed instances, and calls out different levels of role, including one for CloudWatch logging. We link to this from our MANAGED_INSTANCES.md guide.

https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html
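
An added example, not part of the issue or the MSAM project's own code: a check that lists the actions the inline policy from the first comment allows on `"Resource": "*"` and returns a copy limited to one CloudWatch Logs log group. The region, account ID and log group name are constructed placeholders, and the function names are hypothetical.

```python
import copy

# Inline policy exactly as posted in the first comment of this issue.
ISSUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": "*",
    }],
}

def _as_list(value):
    """IAM allows a single string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]

def wildcard_grants(policy):
    """Return (statement index, action) for every action allowed on Resource "*"."""
    found = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", [])):
            found.extend((index, action) for action in _as_list(stmt.get("Action", [])))
    return found

def scope_logs_to_group(policy, region, account_id, log_group, partition="aws"):
    """Return a copy in which wildcard statements that contain only logs: actions
    are limited to one log group and the streams inside it."""
    group_arn = f"arn:{partition}:logs:{region}:{account_id}:log-group:{log_group}"
    scoped = copy.deepcopy(policy)
    for stmt in _as_list(scoped.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if (stmt.get("Effect") == "Allow"
                and "*" in _as_list(stmt.get("Resource", []))
                and actions and all(a.lower().startswith("logs:") for a in actions)):
            # group_arn covers CreateLogGroup; group_arn:* covers the group's streams.
            stmt["Resource"] = [group_arn, f"{group_arn}:*"]
    return scoped

if __name__ == "__main__":
    import json
    # Constructed sample values: placeholder account id, hypothetical log group name.
    scoped = scope_logs_to_group(ISSUE_POLICY, "us-east-1", "111122223333",
                                 "/msam/managed-instances")
    print("wildcard grants before:", wildcard_grants(ISSUE_POLICY))
    print("wildcard grants after: ", wildcard_grants(scoped))
    print(json.dumps(scoped, indent=4))
```

Statements that mix `logs:` actions with other services on `"Resource": "*"` are left unchanged and keep showing up in `wildcard_grants`, so they can be split by hand.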
