New: Become a sponsor via GitHub Sponsors!

Migrate from v9 to v10


If you have SystemsManagerAccess set to true, we previously attached the managed policy AmazonEC2RoleforSSM but now only attach the following IAM permissions:

This reducdes the permissions but is sufficient to make SSM Session Manager and Run Commands work.

To restore the previous permissions (which are not following the least privilege principle), set the new parameter ManagedPolicyArns to arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM.


Deprecation warnings