in src/constructs/iam/policies/ssm-ssh.ts [19:42]
private constructor(scope: GuStack) {
super(scope, "SsmSshPolicy", {
policyName: "ssm-ssh-policy",
actions: [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply",
"ssm:UpdateInstanceInformation",
"ssm:ListInstanceAssociations",
"ssm:DescribeInstanceProperties",
"ssm:DescribeDocumentParameters",
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel",
],
// TODO can this be scoped to the stack, stage, and application? If so, it won't make sense to be a singleton.
resources: ["*"],
});
}