This PR fixes the problem with using the permissions granted with the BastionInstnace#grantBastiCliConnect method. When the account ID is specified for the document ARN, IAM produces the following error:
An error occurred (AccessDeniedException) when calling the StartSession operation: User: arn:aws:sts::507082836245:assumed-role/cdk-test-basti-instance-grant-connect/BohdanMac is not authorized to perform: ssm:StartSession on resource: arn:aws:ssm:us-east-1::document/AWS-StartPortForwardingSessionToRemoteHost because no identity-based policy allows the ssm:StartSession action
Related Issues/PRs
48
Checklist
[x] I cleaned up my code.
[x] All the tests and checks passed (npm run test).
[x] I have added necessary documentation and/or updated existing documentation.
[x] I have added or modified tests to cover the changes.
Proposed Changes
This PR fixes the problem with using the permissions granted with the
BastionInstnace#grantBastiCliConnectmethod. When the account ID is specified for the document ARN, IAM produces the following error:Related Issues/PRs
48
Checklist
npm run test).