Closed JimTharioAmazon closed 2 years ago
@jleyvacorrivium FYI
The SSM team has updated their documentation about assigning roles to managed instances, and call out different levels of role including one for CloudWatch logging. We link to this from our MANAGED_INSTANCES.md guide.
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html
It looks like we need an updated set of policy permissions for managed instances.
We need to create a role for managed instances (MSAM-Managed-Instances) that includes: