|
1 | 1 | { |
2 | 2 | "PolicyVersion": { |
3 | | - "CreateDate": "2025-05-05T10:52:06Z", |
4 | | - "VersionId": "v3", |
| 3 | + "CreateDate": "2025-10-27T11:49:07Z", |
| 4 | + "VersionId": "v4", |
5 | 5 | "Document": { |
6 | 6 | "Version": "2012-10-17", |
7 | 7 | "Statement": [ |
|
351 | 351 | "aws:RequestTag/QuickSetupDocumentVersionName": "*" |
352 | 352 | } |
353 | 353 | } |
| 354 | + }, |
| 355 | + { |
| 356 | + "Action": [ |
| 357 | + "ssm:CreateAssociation", |
| 358 | + "ssm:AddTagsToResource" |
| 359 | + ], |
| 360 | + "Resource": [ |
| 361 | + "arn:aws:ssm:*:*:association/*" |
| 362 | + ], |
| 363 | + "Effect": "Allow", |
| 364 | + "Condition": { |
| 365 | + "StringEquals": { |
| 366 | + "aws:RequestTag/QuickSetupDocument": [ |
| 367 | + "AWSQuickSetupType-SSM" |
| 368 | + ] |
| 369 | + } |
| 370 | + } |
| 371 | + }, |
| 372 | + { |
| 373 | + "Action": [ |
| 374 | + "ssm:CreateAssociation", |
| 375 | + "ssm:UpdateAssociation", |
| 376 | + "ssm:DeleteAssociation", |
| 377 | + "ssm:DescribeAssociation" |
| 378 | + ], |
| 379 | + "Resource": "arn:aws:ssm:*::document/AWSQuickSetupType-SSM-ManageResources", |
| 380 | + "Effect": "Allow" |
| 381 | + }, |
| 382 | + { |
| 383 | + "Action": [ |
| 384 | + "ssm:UpdateAssociation", |
| 385 | + "ssm:DeleteAssociation", |
| 386 | + "ssm:DescribeAssociation" |
| 387 | + ], |
| 388 | + "Resource": [ |
| 389 | + "arn:aws:ssm:*:*:association/*" |
| 390 | + ], |
| 391 | + "Effect": "Allow", |
| 392 | + "Condition": { |
| 393 | + "StringEquals": { |
| 394 | + "aws:ResourceTag/QuickSetupDocument": [ |
| 395 | + "AWSQuickSetupType-SSM" |
| 396 | + ] |
| 397 | + } |
| 398 | + } |
| 399 | + }, |
| 400 | + { |
| 401 | + "Action": [ |
| 402 | + "ssm:AddTagsToResource", |
| 403 | + "ssm:RemoveTagsFromResource" |
| 404 | + ], |
| 405 | + "Resource": [ |
| 406 | + "arn:aws:ssm:*:*:automation-execution/*", |
| 407 | + "arn:aws:ssm:*:*:association/*" |
| 408 | + ], |
| 409 | + "Effect": "Allow", |
| 410 | + "Condition": { |
| 411 | + "StringEquals": { |
| 412 | + "aws:ResourceTag/QuickSetupDocument": [ |
| 413 | + "AWSQuickSetupType-SSM" |
| 414 | + ] |
| 415 | + } |
| 416 | + } |
| 417 | + }, |
| 418 | + { |
| 419 | + "Action": [ |
| 420 | + "ssm:DescribeAssociationExecutions", |
| 421 | + "ssm:DescribeAssociationExecutionTargets", |
| 422 | + "ssm:GetAutomationExecution" |
| 423 | + ], |
| 424 | + "Resource": [ |
| 425 | + "arn:aws:ssm:*:*:automation-execution/*", |
| 426 | + "arn:aws:ssm:*:*:association/*" |
| 427 | + ], |
| 428 | + "Effect": "Allow", |
| 429 | + "Condition": { |
| 430 | + "ForAnyValue:StringEquals": { |
| 431 | + "aws:CalledVia": [ |
| 432 | + "cloudformation.amazonaws.com" |
| 433 | + ] |
| 434 | + }, |
| 435 | + "StringEquals": { |
| 436 | + "aws:ResourceTag/QuickSetupDocument": [ |
| 437 | + "AWSQuickSetupType-SSM" |
| 438 | + ] |
| 439 | + } |
| 440 | + } |
| 441 | + }, |
| 442 | + { |
| 443 | + "Action": "iam:PassRole", |
| 444 | + "Resource": "arn:aws:iam::*:role/AWS-QuickSetup-SSM-ManageResources*", |
| 445 | + "Effect": "Allow", |
| 446 | + "Condition": { |
| 447 | + "StringEquals": { |
| 448 | + "iam:ResourceTag/QuickSetupDocument": [ |
| 449 | + "AWSQuickSetupType-SSM" |
| 450 | + ], |
| 451 | + "iam:PassedToService": [ |
| 452 | + "ssm.amazonaws.com" |
| 453 | + ] |
| 454 | + } |
| 455 | + } |
354 | 456 | } |
355 | 457 | ] |
356 | 458 | }, |
|
0 commit comments