We have tried out SSM Quick Setup which works similar to what we are trying to achieve, but in addition to the default policies we would also like to add a custom policy. Preferably we would like to do this across our whole organisation.
Desired outcome:
- EC2 instances without an IAM Instance Profile should get one attached, with the custom policies.
- EC2 instances with an existing IAM Instance Profile should get the custom policies attached to its role.
Is there any way to either update the permissions that Quick Setup assigns, or a way to do this outside of Quick Setup?