AccessDeniedException in all Queued Notification steps

[jarltotland]

Remediations run with a clean install of v1.4.0 to a virgin account fails with the below stack trace due to overly restrictive IAM policy.

The SO0111-SHARR-sendNotifications lambda function requires access to the ssm:PutParameter action, adding this to the notifyRole's policy makes everything work smoothly.

[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the PutParameter operation: User: arn:aws:sts::000000000000:assumed-role/aws-sharr-deploy-notifyRole00000000-000000000000/SO0111-SHARR-sendNotifications is not authorized to perform: ssm:PutParameter on resource: arn:aws:ssm:eu-west-1:000000000000:parameter/Solutions/SO0111/anonymous_metrics_uuid because no identity-based policy allows the ssm:PutParameter action
Traceback (most recent call last):
  File "/var/task/send_notifications.py", line 101, in lambda_handler
    metrics = Metrics(event['EventType'])
  File "/opt/python/metrics.py", line 51, in __init__
    self.__get_solution_uuid()
  File "/opt/python/metrics.py", line 114, in __get_solution_uuid
    self.__update_solution_uuid(self.solution_uuid)
  File "/opt/python/metrics.py", line 97, in __update_solution_uuid
    self.ssm_client.put_parameter(
  File "/var/runtime/botocore/client.py", line 386, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 705, in _make_api_call
    raise error_class(parsed_response, operation_name

[mobri2a]

Fixed in v1.4.1