Replace soon deprecated policy AmazonEC2RoleforSSM in the template

aws-samples / service-catalog-engine-for-terraform-os

Apache License 2.0

130 stars 40 forks source link

Replace soon deprecated policy AmazonEC2RoleforSSM in the template #33

Closed zipengw27 closed 1 year ago

zipengw27 commented 1 year ago

Description of changes:

This PR replaces soon deprecated AmazonEC2RoleforSSM managed policy with AmazonSSMManagedInstanceCore and CloudWatchAgentServerPolicy managed policies according to this AWS blog post.

Testing:

Deployed with updated template. Verified TerraformExecutionRole is updated with the new policies. Tried the provision and terminate workflows with the new policies and everything runs fine.

Issue:

Fixes #25

zipengw27 commented 1 year ago

The customers are not required to update this for their running TRE infra since deprecated policy can still be used for existing roles that are attached with it. However, once AmazonEC2RoleforSSM is officially deprecated, customers need to install new TRE with this commit.