moskyb
commented
5 months ago The core thing I was trying to get in here was the per-stack IAM role and instance profile functionality, as right now this template only let's you provide the ARN of a pre-existing instance profile to attach to the instances.
if you're keen to reduce the scope of the changes being made just to what you need - perhaps just the IAM changes - it'd increase the likelihood that we're able to verify and merge these changes
fd-jonathanlinn
The core thing I was trying to get in here was the per-stack IAM role and instance profile functionality, as right now this template only let's you provide the ARN of a pre-existing instance profile to attach to the instances.
Through porting that I also pulled over some of the SSM and S3 parameters, conditions, and resources, although this has mostly been done to minimise effort in providing the IAM functionality. But the stack will create a secrets bucket for you now if you wish, and it will create ParameterStore entries too.
Also brings parity with the agent naming via tags as well, defaulting to StackName if no value is provided for InstanceName.
The template passes validation on the CLI, but more importantly deployed without problems for me (using a pre-existing secrets bucket, and providing the AgentToken to the template)