From e27c5e9f6acec2f151bb0ef3ac1ecf739da50b09 Mon Sep 17 00:00:00 2001
From: Nick Kirby <33106137+Kirizan@users.noreply.github.com>
Date: Tue, 27 Aug 2024 08:24:19 -0400
Subject: [PATCH 1/2] Added permissions required for Post-Launch actions to run

---
 ...ws-cloud-migration-factory-solution-target-account.template | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template b/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template
index 252d7e9..43a83ce 100644
--- a/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template
+++ b/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template
@@ -86,6 +86,7 @@ Resources:
                   - 'ssm:GetAutomationExecution'
                   - 'ssm:StartAutomationExecution'
                   - 'ssm:DescribeDocument'
+                  - 'ssm:GetDocument'
                 Resource:
                   - 'arn:aws:ssm:*:*:document/*'
                   - 'arn:aws:ssm:*:*:automation-definition/*:*'
@@ -93,6 +94,8 @@ Resources:
               - Effect: Allow
                 Action:
                   - 'ssm:DescribeInstanceInformation'
+                  - 'ssm:SendCommand'
+                  - 'ssm:StartSession'
                 Resource: '*'
         - PolicyName: MGNPostLaunchActions
           PolicyDocument:

From 71610f7473fa55fe0cc9ef0160e3ce437f4a3111 Mon Sep 17 00:00:00 2001
From: Nick Kirby <33106137+Kirizan@users.noreply.github.com>
Date: Tue, 27 Aug 2024 14:53:43 -0400
Subject: [PATCH 2/2] Added missing permission, re-ordered perms to match
 3.3.5's updates

---
 ...cloud-migration-factory-solution-target-account.template | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template b/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template
index 43a83ce..fd9ccaf 100644
--- a/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template
+++ b/deployment/CFN-templates/aws-cloud-migration-factory-solution-target-account.template
@@ -86,7 +86,6 @@ Resources:
                   - 'ssm:GetAutomationExecution'
                   - 'ssm:StartAutomationExecution'
                   - 'ssm:DescribeDocument'
-                  - 'ssm:GetDocument'
                 Resource:
                   - 'arn:aws:ssm:*:*:document/*'
                   - 'arn:aws:ssm:*:*:automation-definition/*:*'
@@ -94,8 +93,6 @@ Resources:
               - Effect: Allow
                 Action:
                   - 'ssm:DescribeInstanceInformation'
-                  - 'ssm:SendCommand'
-                  - 'ssm:StartSession'
                 Resource: '*'
         - PolicyName: MGNPostLaunchActions
           PolicyDocument:
@@ -111,7 +108,10 @@ Resources:
                   - 'ssm:DeleteParameters'
                   - 'ssm:GetParameter'
                   - 'ssm:GetParameters'
+                  - 'ssm:SendCommand'
                   - 'ssm:GetDocument'
+                  - 'ssm:StartSession'
+                  - 'ssm:ListCommandInvocations'
                 Resource: '*'
         -
           PolicyName: LambdaRolePolicy