Systems Manager: Automation

Question

Hello,On exercise 4 (Create playbook) I'm getting an error if I configure Step One according the instruction, and I can't proceed with the playbook creation."AccessDeniedException: User: {{user}} is not authorized to perform: ssm:CreateDocument on resource: {{resource}}/NewRunbook because no permissions boundary allows the ssm:CreateDocument action"This is how I structured the code:schemaVersion: '0.3'assumeRole: {{according the instructions}}description: EC2-Stop-Prod-EU-WEST-1mainSteps:&nbsp; - name: Pause&nbsp; &nbsp; action: aws:pause&nbsp; &nbsp; nextStep: Approve&nbsp; &nbsp; isEnd: false&nbsp; &nbsp; inputs: {}&nbsp; - name: Approve&nbsp; &nbsp; action: aws:approve&nbsp; &nbsp; nextStep: get_instance_ids&nbsp; &nbsp; isEnd: false&nbsp; &nbsp; inputs:&nbsp; &nbsp; &nbsp; Approvers:&nbsp; &nbsp; &nbsp; &nbsp; - {{according the instructions}}&nbsp; - name: get_instance_ids&nbsp; &nbsp; action: aws:executeAwsApi&nbsp; &nbsp; nextStep: turn_off_prod_instances&nbsp; &nbsp; isEnd: false&nbsp; &nbsp; inputs:&nbsp; &nbsp; &nbsp; Api: DescribeInstances&nbsp; &nbsp; &nbsp; Service: ec2&nbsp; &nbsp; &nbsp; Filters:&nbsp; &nbsp; &nbsp; &nbsp; - Name: tag-key&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Values:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - prod&nbsp; &nbsp; &nbsp; &nbsp; - Name: instance-state-name&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Values:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - running&nbsp; &nbsp; outputs:&nbsp; &nbsp; &nbsp; - Name: InstanceIds&nbsp; &nbsp; &nbsp; &nbsp; Selector: $.Reservations..Instances..InstanceId&nbsp; &nbsp; &nbsp; &nbsp; Type: StringList&nbsp; - name: turn_off_prod_instances&nbsp; &nbsp; action: aws:executeScript&nbsp; &nbsp; isEnd: true&nbsp; &nbsp; inputs:&nbsp; &nbsp; &nbsp; Runtime: python3.8&nbsp; &nbsp; &nbsp; Handler: script_handler&nbsp; &nbsp; &nbsp; Script: |-&nbsp; &nbsp; &nbsp; &nbsp; def script_handler(events,context):&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; import boto3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #Initialize client&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ec2 = boto3.client('ec2')&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; instanceList = events['InstanceIds']&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; for instance in instanceList:&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ec2.stop_instances(InstanceIds=[instance])&nbsp; &nbsp; &nbsp; InputPayload:&nbsp; &nbsp; &nbsp; &nbsp; InstanceIds: '{{get_instance_ids.InstanceIds}}'Does anyone had the same error while doing this lab?Regards,

nyeprior · Accepted Answer

TillyCorless T3S0r0 I can confirm that this is working as expected now, if you're still seeing the permission error, I'd double check you're changing the name of the runbook before saving it for the first time.