Open Kirizan opened 3 weeks ago
I discovered that ssm:ListCommandInvocations
was also missing from the list, so I added that to the PR.
I forgot to mention, the PR I submitted is based on the 3.3.5 template, not the 3.3.4 template. The only difference is the 3.3.5 template had already added the ssm:GetDocument
permission in the policy MGNPostLaunchActions
.
Thank you for bringing this to our attention! We're looking into it!
Describe the bug The permissions defined for the role
CMF-MGNAutomation
deployed to the target accounts is missing permissions required to run post-launch actions.To Reproduce Follow instructions here to remove vmware tools.
When a test cutover runs, the following error appears:
The ssm:GetDocument is not the only missing action, adding the
ssm:GetDocument
permission leads to the two following actions being missing also:ssm:SendCommand
ssm:StartSession
Expected behavior I expect the post-launch actions to run.
Please complete the following information about the solution:
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0097) - AWS CloudEndure Migration Factory Solution. Version v1.1.0".
Screenshots None
Additional context PR Incoming to fix these issues.