Home/iptv-manager-service
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add SendCommand permissions
All checks were successful
AWS Deploy on Push / build (push) Successful in 1m40s
Details

Browse Source
This commit is contained in:
Stefano Fiorini
2025-05-21 16:29:34 -05:00
parent be719a6e34
commit cb793ef5e1
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitea/workflows/aws_deploy_on_push.yml
View File

@@ -65,6 +65,7 @@ jobs:
for INSTANCE_ID in $INSTANCE_IDS; do for INSTANCE_ID in $INSTANCE_IDS; do
aws ssm send-command \ aws ssm send-command \
--region us-east-2 \
--instance-ids "$INSTANCE_ID" \ --instance-ids "$INSTANCE_ID" \
--document-name "AWS-RunShellScript" \ --document-name "AWS-RunShellScript" \
--parameters 'commands=[ --parameters 'commands=[

9
infrastructure/stack.py
View File

@@ -92,6 +92,15 @@ class IptvUpdaterStack(Stack):
resources=["*"] resources=["*"]
)) ))
# Add SSM SendCommand permissions
role.add_to_policy(iam.PolicyStatement(
actions=["ssm:SendCommand"],
resources=[
f"arn:aws:ec2:{self.region}:{self.account}:instance/*", # Allow on all EC2 instances
f"arn:aws:ssm:{self.region}:{self.account}:document/AWS-RunShellScript" # Required for the RunShellScript document
]
))
# Add Cognito permissions to instance role # Add Cognito permissions to instance role
role.add_managed_policy( role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name( iam.ManagedPolicy.from_aws_managed_policy_name(