AWS Systems Manager
Verify IAM Role Permissions
The EC2 instance you’re targeting needs an IAM role with the appropriate policies attached.
Steps:
1. Go to the EC2 Console, and check the IAM role attached to your instance:
   - Select the EC2 instance.
   - In the Description tab, check the IAM Role field.
2. Attach the following managed policies to the IAM role:
   - AmazonSSMManagedInstanceCore
   - AmazonEC2RoleforSSM (deprecated, but still in use in some older setups)
3. If you’re using a custom policy, ensure it includes the following permissions:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ssm:StartSession",
            "ssm:DescribeInstanceInformation",
            "ssm:SendCommand",
            "ssm:ListCommandInvocations",
            "ssm:GetCommandInvocation"
          ],
          "Resource": "*"
        }
      ]
    }
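
The custom policy above allows ssm:StartSession and ssm:SendCommand on "Resource": "*", so whoever holds it can open sessions or run commands on every managed instance the account exposes. The Python check below is an added example, not part of the original page or of any AWS tool; it reports Allow statements that grant those two actions on "*" with no Condition. The function names, the scoped sample policy and its ARNs are constructed for illustration.

```python
import fnmatch

# Actions in the page's custom policy that open a shell or run commands.
SENSITIVE = ("ssm:StartSession", "ssm:SendCommand")

# The custom policy from step 3, reproduced as a Python dict.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ssm:StartSession", "ssm:DescribeInstanceInformation",
               "ssm:SendCommand", "ssm:ListCommandInvocations",
               "ssm:GetCommandInvocation"],
    "Resource": "*"}]}

# Constructed sample: the same actions with the sensitive ones limited to
# one instance and one document (placeholder account ID and instance ID).
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["ssm:StartSession", "ssm:SendCommand"],
     "Resource": [
         "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0",
         "arn:aws:ssm:us-east-1::document/AWS-RunShellScript"]},
    {"Effect": "Allow",
     "Action": ["ssm:DescribeInstanceInformation",
                "ssm:ListCommandInvocations", "ssm:GetCommandInvocation"],
     "Resource": "*"}]}


def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_broad_ssm_grants(policy):
    """Return (statement_index, action) for each sensitive SSM action that an
    Allow statement grants on Resource "*" with no Condition.
    NotAction and NotResource are not evaluated."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        # Action names are case-insensitive and may use wildcards (ssm:*).
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        findings += [(i, act) for act in SENSITIVE
                     if any(fnmatch.fnmatchcase(act.lower(), p) for p in patterns)]
    return findings
```

Calling find_broad_ssm_grants(PAGE_POLICY) flags both actions in statement 0, while SCOPED_POLICY returns an empty list because only the read-only actions remain on "*".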