A collection of AWS Systems Manager (SSM) configuration templates for the automation of security and operation tasks in AWS environments. Configuration items include templates to configure patching, maintenance windows, required IAM roles for SSM operations, as well as security configurations to support AWS SSM such as IAM policies, config rules, and more.
Configuration to create an IAM role for EC2 instances to access AWS Systems Manager (SSM) services with the least permissions required
A configuration guide for setting up the necessary configuration for AWS Systems Manager Patch Manager to automatically scan and/or apply patches to EC2 instances in an AWS environment.
Configure an AWS Systems Manager Custom Patch Baseline and Patch Groups
A Config rule that checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.
A Config rule that checks whether the compliance status of the Amazon EC2 Systems Manager (SSM) association compliance is COMPLIANT or NON_COMPLIANT after the association execution on the instance. The rule is compliant if the field status is COMPLIANT.
A Config rule that checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance. The rule is compliant if the field status is COMPLIANT.
A Config rule that checks whether EC2 managed instances have the desired configurations.
A Config rule that checks whether all of the specified applications are installed on the instance. Optionally, specify the minimum acceptable version. You can also specify the platform to apply the rule only to instances running that platform.
A Config rule that checks that none of the specified applications are installed on the instance. Optionally, specify the application version. Newer versions of the application will not be blacklisted. You can also specify the platform to apply the rule only to instances running that platform.
A Config rule that checks whether instances managed by AWS Systems Manager are configured to collect blacklisted inventory types.
An IAM policy that provides end users the ability to start a session to a particular instance and the ability to terminate only their own sessions.
An IAM policy that provides end users the ability to start a session to instances based on the tags assigned and the ability to terminate only their own sessions.
An IAM policy that allows a user to fully interact with all instances and all sessions created by all users for all instances, as well as permission to create, update and delete preferences. It should be granted only to an Administrator who needs full control over your organization's Session Manager activities.