AWS Systems Manager (IAM)
AWS Systems Manager (SSM) is a management service that provides operational insights, automation, and secure remote management of EC2 instances and hybrid infrastructure.
Common permissions
- ssm:GetParameter
- ssm:GetParameters
- ssm:PutParameter
- ssm:ListDocuments
- ssm:GetDocument
- ssm:StartSession
- ssm:GetInventory
- ssm:ListCommands

Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:PutParameter",
        "ssm:ListDocuments",
        "ssm:GetDocument",
        "ssm:StartSession",
        "ssm:GetInventory",
        "ssm:ListCommands"
      ],
      "Resource": "*"
    }
  ]
}

Warnings
- Avoid ssm:* — grants full control including parameter deletion and session termination
- Avoid ssm:StartSession unless needed — allows interactive shell access to instances
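
A small linter for the two warnings above, as an added example that is not part of the original page: it flags Allow statements whose actions are ssm:* (or *) or match ssm:StartSession, including wildcard and mixed-case forms. The function name, rule labels and sample policy are constructed for illustration; NotAction and Condition elements are not evaluated.

```python
import fnmatch
import json

# Constructed sample policy (not from the page): one explicit grant,
# one wildcard grant in mixed case, and one Deny that must be ignored.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ssm:GetParameter", "ssm:StartSession"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "SSM:Start*", "Resource": "*"},
    {"Effect": "Deny", "Action": "ssm:*", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_ssm_policy(policy):
    """Return (statement_index, rule, action_pattern) for each warning hit."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        for pattern in _as_list(stmt.get("Action")):
            p = pattern.lower()  # IAM action names are case-insensitive
            if p in ("*", "ssm:*"):
                findings.append((idx, "full-ssm-control", pattern))
            # IAM wildcards (* and ?) behave like shell globs here;
            # action names never contain brackets, so fnmatch is safe.
            elif fnmatch.fnmatchcase("ssm:startsession", p):
                findings.append((idx, "interactive-session", pattern))
    return findings


if __name__ == "__main__":
    for finding in lint_ssm_policy(SAMPLE_POLICY):
        print(finding)
```
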