AWS Systems Manager (ssm)

2023-04-04

3 new actions, 1 new resource | 4 updated actions, 1 updated condition | 1 removed action, 1 removed condition

Additions

Actions

DeleteResourcePolicy
- Description: Grants permission to delete a Systems Manager resource policy
- Access: Permissions management
- Resources:
  Name: resourcearn
  
  Required: Yes
GetResourcePolicies
- Description: Grants permission to retrieve lists of Systems Manager resource policies
- Access: List
- Resources:
  Name: resourcearn
  
  Required: Yes
PutResourcePolicy
- Description: Grants permission to create or update a Systems Manager resource policy
- Access: Permissions management
- Resources:
  Name: resourcearn
  
  Required: Yes

Resources

resourcearn
- Arn: arn:${Partition}:ssm:${Region}:${Account}:opsitemgroup/default

Updates

Actions

AddTagsToResource
- － instance
- － task
RemoveTagsFromResource
- － instance
- － task
UpdateAssociationStatus
- － ssm:SourceInstanceARN
UpdateInstanceInformation
- － ssm:SourceInstanceARN

Conditions

ssm:AutoApprove
- String ⟶ Bool

Deletions

Actions

UpdateInstanceAssociationStatus
- Description: Grants permission to SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)
- Access: Write
- Resources:
  Name: association
  
  Required: Yes
  
  Name: instance
  
  Required: No
  
  Name: managed-instance
  
  Required: No
- Conditions:
  ssm:SourceInstanceARN

Conditions

ssm:SourceInstanceARN
- Description: Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile
- Type: String