AWS Systems Manager

Verify IAM Role Permissions

The EC2 instance you’re targeting needs an IAM role with the appropriate policies attached.

Steps:

  1. Go to the EC2 Console and check the IAM role attached to your instance:
     • Select the EC2 instance.
     • In the Description tab, check the IAM Role field.
  2. Attach the following managed policies to the IAM role:
     • AmazonSSMManagedInstanceCore
     • AmazonEC2RoleforSSM (deprecated, but still in use in some older setups)
  3. If you’re using a custom policy, ensure it includes the following permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:StartSession",
        "ssm:DescribeInstanceInformation",
        "ssm:SendCommand",
        "ssm:ListCommandInvocations",
        "ssm:GetCommandInvocation"
      ],
      "Resource": "*"
    }
  ]
}
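
As an added example (not from the original page or from AWS), this Python check parses a custom policy, confirms the five actions listed above are granted, and flags `ssm:StartSession` or `ssm:SendCommand` allowed on `"Resource": "*"`, which covers every managed instance in the account. The function names, the scoped sample and its account and instance IDs are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions listed in the custom policy above.
REQUIRED = {"ssm:StartSession", "ssm:DescribeInstanceInformation",
            "ssm:SendCommand", "ssm:ListCommandInvocations",
            "ssm:GetCommandInvocation"}
# These two open a shell or run commands, so "*" covers every managed instance.
SENSITIVE = {"ssm:StartSession", "ssm:SendCommand"}

# The policy from this page, embedded so the check runs offline.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["ssm:StartSession", "ssm:DescribeInstanceInformation",
             "ssm:SendCommand", "ssm:ListCommandInvocations",
             "ssm:GetCommandInvocation"], "Resource": "*"}]}"""

# Constructed sample: account ID and instance ID are placeholders.
SCOPED_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["ssm:StartSession", "ssm:SendCommand"],
  "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"}]}"""

def as_list(value):
    # IAM allows a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (missing_actions, wildcard_findings) for a policy document."""
    granted, findings = set(), set()
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are not evaluated here
        # IAM action names are case-insensitive and may use * and ? wildcards.
        patterns = [a.lower() for a in as_list(stmt["Action"])]
        resources = as_list(stmt.get("Resource", []))
        for action in REQUIRED:
            if any(fnmatchcase(action.lower(), p) for p in patterns):
                granted.add(action)
                if action in SENSITIVE and "*" in resources:
                    findings.add(f"{action} allowed on Resource '*'")
    return sorted(REQUIRED - granted), sorted(findings)

if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        missing, findings = audit_policy(policy)
        print(name, "missing:", missing, "findings:", findings)
```
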