You must be logged in to view saved presets
EC2 IAM Role for AWS Systems Manager
Configuration to create an IAM role for EC2 instances to access to AWS Systems Manager (SSM) services, with the least permissions required.
Set the permissions by selecting the permissions from the configuration menu:
- Core Permissions: Attaches AmazonSSMManagedInstanceCore managed policy which is required to enable an instance to use Systems Manager service core functionality.
- Access to Directory Services: Attaches AmazonSSMDirectoryServiceAccess managed policy, required only if you plan to join EC2 instance for Windows Server to a Microsoft AD directory
- Access for CloudWatch Agent: Attaches CloudWatchAgentServerPolicy managed policy, required only if you plan to install and run the CloudWatch agent on your instances
- Logging to S3 Permissions: Attaches an inline policy to allow writing objects to an S3 bucket. It is recommended to specify the exact bucket name to restrict the access.
- Access with VPC Endpoints: Attaches an inline policy to allow access to S3 buckets that are required when using VPC endpoints to access the SSM API. It is recommended to specify the specific region.
Items
2
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
IamRole:
Type: 'AWS::IAM::Role'
Properties:
RoleName: Ec2RoleForSSM
Description: EC2 IAM role for SSM access
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
Ec2InstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
InstanceProfileName: Ec2RoleForSSM
Roles:
- Ref: IamRole
Parameters: {}
Metadata: {}
Conditions: {}
Actions
Customize Template
* Required field
© 2025 asecurecloud. All rights reserved.