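An IAM policy that gives end users the ability to start a session on instances based on the tags assigned to them, and to terminate only their own sessions. `Key` and `Value` in the condition are placeholders for the tag key and value that mark the permitted instances, and the ARNs leave the region and account ID fields empty, so fill these in for your environment before relying on the policy. The terminate statement depends on `${aws:username}`, which is populated only for IAM users, so it is not expected to match sessions started through a federated or assumed role.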
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ssm:StartSession"
],
"Resource": [
"arn:aws:ec2:::instance/*"
],
"Effect": "Allow",
"Condition": {
"StringLike": {
"ssm:resourceTag/Key": [
"Value"
]
}
}
},
{
"Action": [
"ssm:DescribeSessions",
"ssm:GetConnectionStatus",
"ssm:DescribeInstanceProperties",
"ec2:DescribeInstances"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ssm:GetDocument"
],
"Resource": [
"arn:aws:ssm:::document/SSM-SessionManagerRunShell"
],
"Effect": "Allow"
},
{
"Action": [
"ssm:TerminateSession"
],
"Resource": "arn:aws:ssm:::session/${aws:username}-*",
"Effect": "Allow"
}
]
}