attaching ssm readonly iam policy in place of ssm full access iam pol…

…icy as we should not be granting full access

modules/admin/iam.tf

@@ -63,7 +63,7 @@ data "aws_iam_policy_document" "assume_role_policy" {
 resource "aws_iam_role_policy_attachment" "ecs_task_execution_policy_attachment" {
   for_each = toset([
     "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", 
-    "arn:aws:iam::aws:policy/AmazonSSMFullAccess"
+    "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess"
   ])
 
   role       = aws_iam_role.ecs_execution_role.name

modules/dns_dhcp_common/iam.tf

@@ -86,7 +86,7 @@ EOF
 resource "aws_iam_role_policy_attachment" "ecs_task_execution_policy_attachment" {
   for_each = toset([
     "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", 
-    "arn:aws:iam::aws:policy/AmazonSSMFullAccess"
+    "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess"
   ])
 
   role       = aws_iam_role.ecs_execution_role.name