Parameters: App: Type: String Description: Your application's name. Env: Type: String Description: The environment name your service, job, or workflow is being deployed to. Name: Type: String Description: The name of the service, job, or workflow being deployed. Resources: SSM: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: "2012-10-17" Statement: - Sid: SSMActions Effect: Allow Action: - ssm:Get* - ssm:List* Resource: "*" Observability: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: "2012-10-17" Statement: - Sid: Xray Effect: Allow Action: - xray:PutTraceSegments - xray:PutTelemetryRecords - xray:GetSamplingRules - xray:GetSamplingTargets - xray:GetSamplingStatisticSummaries Resource: "*" - Sid: AMP Effect: Allow Action: - aps:RemoteWrite Resource: "*" Outputs: # 1. You need to output the IAM ManagedPolicy so that Copilot can add it as a managed policy to your ECS task role. SSMAccessPolicyArn: Description: "The ARN of the ManagedPolicy to attach to the task role." Value: !Ref SSM ObservabilityAccessPolicyArn: Description: "The ARN of the ManagedPolicy to attach to the task role." Value: !Ref Observability