Kirizan
commented
3 weeks ago I discovered that ssm:ListCommandInvocations was also missing from the list, so I added that to the PR.
Open Kirizan opened 3 weeks ago
Kirizan
commented
3 weeks ago I discovered that ssm:ListCommandInvocations was also missing from the list, so I added that to the PR.
Kirizan
commented
3 weeks ago I forgot to mention, the PR I submitted is based on the 3.3.5 template, not the 3.3.4 template. The only difference is the 3.3.5 template had already added the ssm:GetDocument permission in the policy MGNPostLaunchActions.
tbelmega
commented
3 weeks ago Thank you for bringing this to our attention! We're looking into it!
Describe the bug The permissions defined for the role
CMF-MGNAutomationdeployed to the target accounts is missing permissions required to run post-launch actions.To Reproduce Follow instructions here to remove vmware tools.
When a test cutover runs, the following error appears:
The ssm:GetDocument is not the only missing action, adding the
ssm:GetDocumentpermission leads to the two following actions being missing also:ssm:SendCommandssm:StartSessionExpected behavior I expect the post-launch actions to run.
Please complete the following information about the solution:
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0097) - AWS CloudEndure Migration Factory Solution. Version v1.1.0".
Screenshots None
Additional context PR Incoming to fix these issues.