diff --git a/ec2/ec2-auto-recovery.yaml b/ec2/ec2-auto-recovery.yaml
index 33b16149c..24edce538 100644
--- a/ec2/ec2-auto-recovery.yaml
+++ b/ec2/ec2-auto-recovery.yaml
@@ -251,7 +251,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}
diff --git a/ecs/cluster.yaml b/ecs/cluster.yaml
index f87b8755e..7618dbe97 100644
--- a/ecs/cluster.yaml
+++ b/ecs/cluster.yaml
@@ -255,6 +255,27 @@ Resources:
 - 'sqs:DeleteMessage'
 - 'sqs:ReceiveMessage'
 Resource: !GetAtt 'AutoScalingGroupLifecycleHookQueue.Arn'
+ IAMPolicySSHAccess:
+ Type: 'AWS::IAM::Policy'
+ Condition: HasIAMUserSSHAccess
+ Properties:
+ Roles:
+ - !Ref Role
+ PolicyName: 'iam-ssh'
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action:
+ - 'iam:ListUsers'
+ Resource:
+ - '*'
+ - Effect: Allow
+ Action:
+ - 'iam:ListSSHPublicKeys'
+ - 'iam:GetSSHPublicKey'
+ Resource:
+ - !Sub 'arn:aws:iam::${AWS::AccountId}:user/*'
 ALBSecurityGroup:
 Type: 'AWS::EC2::SecurityGroup'
 Properties:
@@ -439,6 +460,9 @@ Resources:
 files:
 - '/etc/newrelic/nrsysmond.cfg'
 ssh-access:
+ packages:
+ yum:
+ 'aws-cli': []
 files:
 '/opt/authorized_keys_command.sh':
 content: !Sub |
@@ -455,7 +479,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: !Sub |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 if id -u "$User" >/dev/null 2>&1; then
 echo "$User exists"
diff --git a/jenkins/jenkins2-ha-agents.yaml b/jenkins/jenkins2-ha-agents.yaml
index d1d8e7226..e6f2b7489 100644
--- a/jenkins/jenkins2-ha-agents.yaml
+++ b/jenkins/jenkins2-ha-agents.yaml
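Review bot: In the ec2-auto-recovery.yaml hunk, `-e` on the shebang does not catch a failure of `aws iam list-users` in the pipeline on the following line: without `pipefail` a pipeline's status is that of its last command (the `while` loop), so a throttled or unauthorized `list-users` call produces an empty loop and the script still exits 0 as if the account had no IAM users. Shebang flags are also ignored whenever the script is started as `bash /opt/import_users.sh` or by a cron entry that names the interpreter explicitly; how this file is invoked is outside the hunk. Keeping the shebang as `#!/bin/bash` and adding `set -eo pipefail` as the first line of the script covers both cases. The same applies to the identical `import_users.sh` hunks in the other templates of this commit.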
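Review bot: The `!Sub` on the last added line of the cluster.yaml policy hunk hard-codes the `aws` partition, so the ARN is wrong in GovCloud and China regions even though the rest of the expression is already parameterized; `- !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:user/*'` fixes that with the same pseudo-parameter mechanism. On scope: `iam:ListUsers` genuinely needs `'*'` (it has no resource-level permissions), but combined with `user/*` on the key-read statement every IAM user in the account who has uploaded an SSH public key becomes importable by the host, which is broader than a typical bastion/SSH allow-list. If only a subset should get shell access, narrow the second statement to an IAM path such as `user/ssh/*` and have the import script (separate hunk) pass a matching `--path-prefix` to `list-users`. A one-line comment above `IAMPolicySSHAccess:` such as `# grants the instance read access to IAM users' SSH public keys for authorized_keys_command.sh / import_users.sh` would also document why an instance role reads IAM at all.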
@@ -546,7 +546,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}
@@ -1191,7 +1191,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}
diff --git a/jenkins/jenkins2-ha.yaml b/jenkins/jenkins2-ha.yaml
index d37d97c6e..5486c4643 100644
--- a/jenkins/jenkins2-ha.yaml
+++ b/jenkins/jenkins2-ha.yaml
@@ -452,7 +452,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}
diff --git a/security/auth-proxy-ha-github-orga.yaml b/security/auth-proxy-ha-github-orga.yaml
index c2f2270a5..f27bed380 100644
--- a/security/auth-proxy-ha-github-orga.yaml
+++ b/security/auth-proxy-ha-github-orga.yaml
@@ -389,7 +389,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}
diff --git a/vpc/vpc-nat-instance.yaml b/vpc/vpc-nat-instance.yaml
index 831a29bf3..d5030a115 100644
--- a/vpc/vpc-nat-instance.yaml
+++ b/vpc/vpc-nat-instance.yaml
@@ -282,7 +282,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}
diff --git a/vpc/vpc-ssh-bastion.yaml b/vpc/vpc-ssh-bastion.yaml
index c383362c7..95c3adbeb 100644
--- a/vpc/vpc-ssh-bastion.yaml
+++ b/vpc/vpc-ssh-bastion.yaml
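Review bot: In the jenkins2-ha-agents.yaml hunk at line 546, the added `-e` changes the failure semantics of the `while read User` loop on the next line: the loop body runs in the pipeline's subshell, so the first non-zero command in it now terminates the subshell and ends the import, whereas before a failing step for one user was skipped and the remaining users were still processed. The loop body continues past the hunk, so whether any command in it (user creation, home-directory setup or similar) can fail for a single user cannot be judged here. If per-user failures should not block the others, append `|| continue` or an explicit `|| echo "skipping $User" >&2` to those commands; otherwise document the stricter behaviour with a comment under the shebang such as `# -e: abort the whole import on the first failing command`. The same consideration applies to the other `import_users.sh` hunks in this commit.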
@@ -222,7 +222,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}
diff --git a/wordpress/wordpress-ha.yaml b/wordpress/wordpress-ha.yaml
index 7eaac6bf7..c8fd0920e 100644
--- a/wordpress/wordpress-ha.yaml
+++ b/wordpress/wordpress-ha.yaml
@@ -404,7 +404,7 @@ Resources:
 group: root
 '/opt/import_users.sh':
 content: |
- #!/bin/bash
+ #!/bin/bash -e
 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
 SaveUserName="$User"
 SaveUserName=${SaveUserName//"+"/".plus."}