Configuration to create an IAM role for EC2 instances to access to AWS Systems Manager (SSM) services, with the least permissions required
CloudFormationTerraformAWS CLI
Guided Walkthroughs
Configuration Packages
AI CloudAdvisor (Beta)
By Implementation
By Service Protected
Reference Guides
Other
Guided Walkthroughs
Configuration Packages
AI CloudAdvisor (Beta)
Configuration Stack0
By Service Protected
By Implementation
Service Control Policies
Config Rules
Auto Remediation Rules
Conformance Packs
Amazon GuardDuty
Amazon Inspector
AWS Security Hub
AWS Network Firewall
Route53 Resolver Security
Amazon Macie
S3 Bucket Policies
CloudWatch Alarms and Event Rules
AWS WAF
AWS Secrets Manager
AWS Systems Manager
Security Groups & NACLs
AWS KMS
AWS SSO
IAM Policies
VPC Endpoint Policies
CloudFormation Guard Rules
Load Balancers
RDS Event Subscriptions
AWS Resource Access Manager (RAM)Reference Guides
Other
AWS Systems Manager
A collection of AWS Systems Manager (SSM) configuration templates for the automation of security and operation tasks in AWS environments. Configuration items include templates to configure patching, maintenance windows, required IAM roles for SSM operations, as well as security configurations to support AWS SSM such as IAM policies, config rules, and more.
IAM Role
Systems Manager
A configuration guide for setting up the necessary configuration for AWS Systems Manager Patch Manager to automatically scan and/or apply patches to EC2 instances in an AWS environment.
CloudFormation
Configure an AWS Systems Manager Custom Patch Baseline and Patch Groups
CloudFormationAWS CLI
Config Rule
A Config rule that checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.
CloudFormationTerraformAWS CLI
A Config rule that checks whether the compliance status of the Amazon EC2 Systems Manager (SSM) association compliance is COMPLIANT or NON_COMPLIANT after the association execution on the instance. The rule is compliant if the field status is COMPLIANT.
CloudFormationTerraformAWS CLI
A Config rule that checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance. The rule is compliant if the field status is COMPLIANT.
CloudFormationTerraformAWS CLI
A Config rule that checks whether EC2 managed instances have the desired configurations.
CloudFormationTerraformAWS CLI
A Config rule that checks whether all of the specified applications are installed on the instance. Optionally, specify the minimum acceptable version. You can also specify the platform to apply the rule only to instances running that platform.
CloudFormationTerraformAWS CLI
A Config rule that checks that none of the specified applications are installed on the instance. Optionally, specify the application version. Newer versions of the application will not be blacklisted. You can also specify the platform to apply the rule only to instances running that platform.
CloudFormationTerraformAWS CLI
A Config rule that checks whether instances managed by AWS Systems Manager are configured to collect blacklisted inventory types.
CloudFormationTerraformAWS CLI
IAM Policy
An IAM policy that provides end users the ability start a session to a particular instance and the ability to terminate only their own sessions.
CloudFormationTerraformAWS CLI
An IAM policy that provides end users the ability start a session to instances based on the tags assigned and the ability to terminate only their own sessions.
CloudFormationTerraformAWS CLI
An IAM policy that allows a user to fully interact with all instances and all sessions created by all users for all instances, as well as permissions to permission to create, update and delete preferences. It should be granted only to an Administrator who needs full control over your organization's Session Manager activities.
CloudFormationTerraformAWS CLI
Filter by source
IAM Role
Systems Manager
Config Rule
IAM Policy