Adding SSM agent and permissions to Batch hosts to allow SSM capabili… (#74)

* Adding SSM agent and permissions to Batch hosts to allow SSM capabilities like Session Manager to facilitate troubleshooting via SSH without needing an EC2 keypair.

* Missed the already existing managed arn section.

Author: paulu-aws

src/templates/aws-genomics-iam.template.yaml

@@ -94,6 +94,7 @@ Resources:
       ManagedPolicyArns:
       - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
       - "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+      - "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
   GenomicsEnvBatchInstanceProfile:
     Type: AWS::IAM::InstanceProfile
     Properties:

src/templates/aws-genomics-launch-template.template.yaml

@@ -143,11 +143,14 @@ Resources:
               - python27-pip
               - sed
               - wget
+              - amazon-ssm-agent
 
               runcmd:
               - pip install -U awscli boto3
               - scratchPath="${ScratchMountPoint}"
               - artifactRootUrl="${ArtifactRootUrl}"
+              - start amazon-ssm-agent
+
               ${ECSAdditions}
 
               --==BOUNDARY==--