An IAM policy that allows a user to fully interact with all instances and all sessions created by all users for all instances, as well as permissions to permission to create, update and delete preferences. It should be granted only to an Administrator who needs full control over your organization's Session Manager activities.

Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ssm:StartSession",
                "ssm:TerminateSession",
                "ssm:ResumeSession",
                "ssm:DescribeSessions",
                "ssm:GetConnectionStatus",
                "ssm:DescribeSessions",
                "ssm:GetConnectionStatus",
                "ssm:DescribeInstanceProperties",
                "ec2:DescribeInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ssm:CreateDocument",
                "ssm:UpdateDocument",
                "ssm:GetDocument"
            ],
            "Resource": [
                "arn:aws:ssm:::document/SSM-SessionManagerRunShell"
            ],
            "Effect": "Allow"
        }
    ]
}

Actions



Customize Template

Policy Parameters

* Required field