AWS Systems Manager (ssm)

2023-04-04

3 new actions, 1 new resource | 4 updated actions, 1 updated condition | 1 removed action, 1 removed condition

Additions

    Actions
  • DeleteResourcePolicy
    • Description:  Grants permission to delete a Systems Manager resource policy
    • Access:  Permissions management
    • Resources: 

      Name: resourcearn

      Required: Yes

  • GetResourcePolicies
    • Description:  Grants permission to retrieve lists of Systems Manager resource policies
    • Access:  List
    • Resources: 

      Name: resourcearn

      Required: Yes

  • PutResourcePolicy
    • Description:  Grants permission to create or update a Systems Manager resource policy
    • Access:  Permissions management
    • Resources: 

      Name: resourcearn

      Required: Yes

    Resources
  • resourcearn
    • Arn:  arn:${Partition}:ssm:${Region}:${Account}:opsitemgroup/default

Updates

Deletions

    Actions
  • UpdateInstanceAssociationStatus
    • Description:  Grants permission to SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)
    • Access:  Write
    • Resources: 

      Name: association

      Required: Yes

      Name: instance

      Required: No

      Name: managed-instance

      Required: No

    • Conditions: 

      ssm:SourceInstanceARN

    Conditions
  • ssm:SourceInstanceARN
    • Description:  Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile
    • Type:  String