Skip to content

Commit 68b9df2

Browse files
knizamiknizami
committed
Fix path references
1 parent e3b9514 commit 68b9df2

13 files changed

+298
-6
lines changed

.idea/$PRODUCT_WORKSPACE_FILE$

Lines changed: 19 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/.gitignore

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/aws.xml

Lines changed: 11 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/azureSettings.xml

Lines changed: 6 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/codeStyles/codeStyleConfig.xml

Lines changed: 5 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/logging-monitoring-apg-guide-examples.iml

Lines changed: 9 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/misc.xml

Lines changed: 6 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/modules.xml

Lines changed: 8 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/vcs.xml

Lines changed: 6 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

SSMQuickSetupAutomationRole.yml

Lines changed: 187 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,187 @@
1+
RoleForAutomation:
2+
Type: AWS::IAM::Role
3+
Properties:
4+
AssumeRolePolicyDocument:
5+
Version: '2012-10-17'
6+
Statement:
7+
- Effect: Allow
8+
Principal:
9+
Service:
10+
- ssm.amazonaws.com
11+
Action:
12+
- sts:AssumeRole
13+
Policies:
14+
- PolicyDocument:
15+
Version: '2012-10-17'
16+
Statement:
17+
- Effect: Allow
18+
Action:
19+
- iam:ListRoles
20+
- config:DescribeConfigurationRecorders
21+
- compute-optimizer:GetEnrollmentStatus
22+
- support:DescribeTrustedAdvisorChecks
23+
Resource: "*"
24+
- Effect: Allow
25+
Action:
26+
- ssm:UpdateServiceSetting
27+
- ssm:GetServiceSetting
28+
Resource:
29+
- Fn::Join:
30+
- ''
31+
- - 'arn:'
32+
- Ref: AWS::Partition
33+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsitem/ssm-patchmanager"
34+
- Fn::Join:
35+
- ''
36+
- - 'arn:'
37+
- Ref: AWS::Partition
38+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsitem/EC2"
39+
- Fn::Join:
40+
- ''
41+
- - 'arn:'
42+
- Ref: AWS::Partition
43+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsdata/ExplorerOnboarded"
44+
- Fn::Join:
45+
- ''
46+
- - 'arn:'
47+
- Ref: AWS::Partition
48+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsdata/Association"
49+
- Fn::Join:
50+
- ''
51+
- - 'arn:'
52+
- Ref: AWS::Partition
53+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsdata/ComputeOptimizer"
54+
- Fn::Join:
55+
- ''
56+
- - 'arn:'
57+
- Ref: AWS::Partition
58+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsdata/ConfigCompliance"
59+
- Fn::Join:
60+
- ''
61+
- - 'arn:'
62+
- Ref: AWS::Partition
63+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor"
64+
- Fn::Join:
65+
- ''
66+
- - 'arn:'
67+
- Ref: AWS::Partition
68+
- !Sub ":ssm:${AWS::Region}:${AWS::AccountId}:servicesetting/ssm/opsdata/SupportCenterCase"
69+
- Effect: Allow
70+
Action:
71+
- iam:CreateServiceLinkedRole
72+
Resource:
73+
Fn::Join:
74+
- ''
75+
- - 'arn:'
76+
- Ref: AWS::Partition
77+
- !Sub ":iam::${AWS::AccountId}:role/aws-service-role/ssm."
78+
- Ref: AWS::URLSuffix
79+
- "/AWSServiceRoleForAmazonSSM"
80+
Condition:
81+
StringEquals:
82+
iam:AWSServiceName: ssm.amazonaws.com
83+
PolicyName: SSMQuickSetupEnableExplorerInlinePolicy
84+
- PolicyDocument:
85+
Version: '2012-10-17'
86+
Statement:
87+
- Effect: Allow
88+
Action:
89+
- ssm:GetAutomationExecution
90+
- ec2:DescribeIamInstanceProfileAssociations
91+
- ec2:DisassociateIamInstanceProfile
92+
- ec2:DescribeInstances
93+
- ssm:StartAutomationExecution
94+
- iam:GetInstanceProfile
95+
- iam:ListInstanceProfilesForRole
96+
Resource: "*"
97+
- Effect: Allow
98+
Action:
99+
- iam:AttachRolePolicy
100+
Resource: "*"
101+
Condition:
102+
ArnEquals:
103+
iam:PolicyARN:
104+
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
105+
- arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
106+
- arn:aws:iam::aws:policy/AmazonSSMPatchAssociation
107+
- Effect: Allow
108+
Action:
109+
- iam:AddRoleToInstanceProfile
110+
Resource:
111+
- Fn::Join:
112+
- ''
113+
- - 'arn:'
114+
- Ref: AWS::Partition
115+
- !Sub ":iam::${AWS::AccountId}:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
116+
- Effect: Allow
117+
Action:
118+
- ec2:AssociateIamInstanceProfile
119+
Resource: "*"
120+
Condition:
121+
StringEquals:
122+
ec2:NewInstanceProfile:
123+
124+
- Fn::Join:
125+
- ''
126+
- - 'arn:'
127+
- Ref: AWS::Partition
128+
- !Sub ":iam::${AWS::AccountId}:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
129+
- Effect: Allow
130+
Action:
131+
- iam:CreateInstanceProfile
132+
Resource:
133+
- Fn::Join:
134+
- ''
135+
- - 'arn:'
136+
- Ref: AWS::Partition
137+
- !Sub ":iam::${AWS::AccountId}:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
138+
- Effect: Allow
139+
Action:
140+
- iam:PassRole
141+
- iam:GetRole
142+
Resource:
143+
- Fn::Join:
144+
- ''
145+
- - 'arn:'
146+
- Ref: AWS::Partition
147+
- !Sub ":iam::${AWS::AccountId}:role/AmazonSSMRoleForInstancesQuickSetup"
148+
- Fn::Join:
149+
- ''
150+
- - 'arn:'
151+
- Ref: AWS::Partition
152+
- !Sub ":iam::${AWS::AccountId}:role/AWS-QuickSetup-HostMgmtRole-"
153+
- Ref: AWS::Region
154+
- "-"
155+
- Ref: QSConfigurationId
156+
- Effect: Allow
157+
Action:
158+
- iam:CreateRole
159+
Resource:
160+
- Fn::Join:
161+
- ''
162+
- - 'arn:'
163+
- Ref: AWS::Partition
164+
- !Sub ":iam::${AWS::AccountId}:role/AmazonSSMRoleForInstancesQuickSetup"
165+
- Effect: Allow
166+
Action:
167+
- iam:PutRolePolicy
168+
Resource:
169+
- Fn::Join:
170+
- ''
171+
- - 'arn:'
172+
- Ref: AWS::Partition
173+
- !Sub ":iam::${AWS::AccountId}:role/AmazonSSMRoleForInstancesQuickSetup"
174+
PolicyName:
175+
Fn::Join:
176+
- ''
177+
- - AWS-QuickSetup-SSMHostMgmt-CreateAndAttachRoleInlinePolicy-
178+
- Ref: AWS::Region
179+
- "-"
180+
- Ref: QSConfigurationId
181+
RoleName:
182+
Fn::Join:
183+
- ''
184+
- - AWS-QuickSetup-HostMgmtRole-
185+
- Ref: AWS::Region
186+
- "-"
187+
- Ref: QSConfigurationId

0 commit comments

Comments
 (0)