@@ -27,13 +27,60 @@ Parameters:
2727
2828Resources :
2929
30+ SSMRole :
31+ Type : AWS::IAM::Role
32+ Properties :
33+ AssumeRolePolicyDocument :
34+ Version : ' 2012-10-17'
35+ Statement :
36+ - Effect : Allow
37+ Principal :
38+ Service : ec2.amazonaws.com
39+ Action : ' sts:AssumeRole'
40+ Path : " /"
41+ Policies :
42+ - PolicyName : SSMInstancePolicy
43+ PolicyDocument :
44+ Version : ' 2012-10-17'
45+ Statement :
46+ - Effect : Allow
47+ Action :
48+ - ' ssm:DescribeAssociation'
49+ - ' ssm:GetDeployablePatchSnapshotForInstance'
50+ - ' ssm:GetDocument'
51+ - ' ssm:DescribeDocument'
52+ - ' ssm:GetManifest'
53+ - ' ssm:GetParameter'
54+ - ' ssm:GetParameters'
55+ - ' ssm:ListAssociations'
56+ - ' ssm:ListInstanceAssociations'
57+ - ' ssm:PutInventory'
58+ - ' ssm:PutComplianceItems'
59+ - ' ssm:PutConfigurePackageResult'
60+ - ' ssm:UpdateAssociationStatus'
61+ - ' ssm:UpdateInstanceAssociationStatus'
62+ - ' ssm:UpdateInstanceInformation'
63+ - ' ec2messages:GetEndpoint'
64+ - ' ec2messages:GetMessages'
65+ - ' ec2messages:SendReply'
66+ - ' cloudwatch:PutMetricData'
67+ Resource : ' *'
68+
69+ SSMInstanceProfile :
70+ Type : AWS::IAM::InstanceProfile
71+ Properties :
72+ Path : " /"
73+ Roles :
74+ - Ref : SSMRole
75+
3076 LaunchConfiguration :
3177 Type : AWS::AutoScaling::LaunchConfiguration
3278 Properties :
3379 AssociatePublicIpAddress : true
3480 ImageId : !Ref 'LatestAmiId'
3581 InstanceType : !Ref 'InstanceType'
3682 KeyName : !Ref 'KeyName'
83+ IamInstanceProfile : !Ref SSMInstanceProfile
3784 UserData :
3885 Fn::Base64 : !Sub |
3986 # !/bin/bash
@@ -54,4 +101,3 @@ Resources:
54101 - Key : Name
55102 Value : !Sub '${AWS::StackName}'
56103 PropagateAtLaunch : ' true'
57-
0 commit comments