From 755da724b380b0f8ff5c1461a18725b264a8c695 Mon Sep 17 00:00:00 2001
From: cruizba <carlos.ruizbal@gmail.com>
Date: Tue, 27 Jan 2026 20:00:40 +0100
Subject: [PATCH] openvidu-deployment: aws - Change IAM policy resources in
 CloudFormation templates for automation execution change in AWS

---
 openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml | 4 +++-
 openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml           | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml
index cb9addfa6..4496e0b23 100644
--- a/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml
+++ b/openvidu-deployment/pro/elastic/aws/cf-openvidu-elastic.yaml
@@ -1975,7 +1975,9 @@ Resources:
             - Effect: Allow
               Action:
                 - ssm:StartAutomationExecution
-              Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:automation-definition/${StopMediaNodeAutomationDocument}:$DEFAULT
+              Resource:
+                - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:automation-execution/*
+                - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:document/${StopMediaNodeAutomationDocument}
         PolicyName: !Sub StopMediaNodeCloudWatchEventPolicy-${AWS::Region}-${AWS::StackName}
       - PolicyDocument:
           Version: '2012-10-17'
diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
index 86e06433a..4d6ad792f 100644
--- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
+++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
@@ -2301,7 +2301,9 @@ Resources:
             - Effect: Allow
               Action:
                 - ssm:StartAutomationExecution
-              Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:automation-definition/${StopMediaNodeAutomationDocument}:$DEFAULT
+              Resource:
+                - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:automation-execution/*
+                - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:document/${StopMediaNodeAutomationDocument}
         PolicyName: !Sub StopMediaNodeCloudWatchEventPolicy-${AWS::Region}-${AWS::StackName}
       - PolicyDocument:
           Version: '2012-10-17'