[security] ensure deployer role has enough permissions to run CodeDeploy agent

Fixes #20
2018-05-30 13:54:52 -04:00 · 2018-05-30 13:54:52 -04:00 · cea762552c
parent 3ceda6eab6
commit cea762552c
1 changed files with 9 additions and 0 deletions
--- a/modules/stack/security.tf
+++ b/modules/stack/security.tf
@ -78,7 +78,16 @@ data "aws_iam_policy_document" "codedeploy-policy" {
      "tag:*",
      "ec2:DescribeInstances",
      "ec2:DescribeInstanceStatus",
+      "ec2messages:AcknowledgeMessage",
+      "ec2messages:DeleteMessage",
+      "ec2messages:FailMessage",
+      "ec2messages:GetEndpoint",
+      "ec2messages:GetMessages",
+      "ec2messages:SendReply",
      "sns:Publish",
+      "ssm:UpdateInstanceInformation",
+      "ssm:ListInstanceAssociations",
+      "ssm:ListAssociations"
    ]

    resources = ["*"]