AWS Systems Manager (ssm)

Additions

Actions

• RegisterManagedInstance
  
  • Description:  Grants permission to register a Systems Manager Agent
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• UpdateInstanceAssociationStatus [permission only]
  
  • Description:  Grants permission to SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)
  • Access:  Write
  • Resources: 

    Name: association

    Required: Yes

    Name: instance

    Required: No

    Name: managed-instance

    Required: No

Updates

Actions

• DescribePatchGroupState
  
  Access
  
  • Read  ⟶  List
• ListDocumentMetadataHistory
  
  Access
  
  • Read  ⟶  List
• GetManifest [permission only]
  
  Description
  
  • Old: Used by Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)
    New: Grants permission to Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)
• PutConfigurePackageResult [permission only]
  
  Description
  
  • Old: Used by SSM Agent to generate a report of the results of specific agent requests (internal Systems Manager call)
    New: Grants permission to SSM Agent to generate a report of the results of specific agent requests (internal Systems Manager call)

Conditions

• ssm:SessionDocumentAccessCheck
  
  Type
  
  • Boolean  ⟶  Bool

Deletions

Actions

• UpdateInstanceAssociationStatus
  
  • Description:  Used by SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)
  • Access:  Write
  • Resources: 

    Name: association

    Required: Yes

    Name: instance

    Required: No

    Name: managed-instance

    Required: No