Menu
Amazon EC2 Systems Manager
User Guide

How to Share a Systems Manager Document

You can share Systems Manager document by using the Amazon EC2 console or by programmatically calling the ModifyDocumentPermission API operation using the AWS CLI, AWS Tools for Windows PowerShell, or the AWS SDK. Before you share a document, get the AWS account IDs of the people with whom you want to share. You will specify these account IDs when you share the document.

Share a Document Using the Amazon EC2 Console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Documents.

  3. In the documents list, choose the document you want to share. Choose the Permissions tab and verify that you are the document owner. Only a document owner can share a document.

  4. Choose Edit.

  5. To share the command publicly, choose Public and then choose Save. To share the command privately, choose Private, enter the AWS account ID, choose Add Permission, and then choose Save.

Share a Document Using the AWS CLI

The following procedure requires that you specify a region for your CLI session. Run Command is currently available in the following Systems Manager regions.

  1. Open the AWS CLI on your local computer and execute the following command to specify your credentials.

    Copy
    aws config AWS Access Key ID: [your key] AWS Secret Access Key: [your key] Default region name: [us-east-1] Default output format [None]:
  2. Use the following command to list all of the Systems Manager documents that are available for you. The list includes documents that you created and documents that were shared with you.

    Copy
    aws ssm list-documents --document-filter-list key=Owner,value=all
  3. Use the following command to get a specific document.

    Copy
    aws ssm get-document --name document name
  4. Use the following command to get a description of the document.

    Copy
    aws ssm describe-document --name document name
  5. Use the following command to view the permissions for the document.

    Copy
    aws ssm describe-document-permission --name document name --permission-type Share
  6. Use the following command to modify the permissions for the document and share it. You must be the owner of the document to edit the permissions. This command privately shares the document with a specific individual, based on that person's AWS account ID.

    Copy
    aws ssm modify-document-permission --name document name --permission-type Share --account-ids-to-add AWS account ID

    Use the following command to share a document publicly.

    Copy
    aws ssm modify-document-permission --name document name --permission-type Share --account-ids-to-add 'all'

Share a Document Using AWS Tools for Windows PowerShell

The following procedure requires that you specify a region for your PowerShell session. Run Command is currently available in the following Systems Manager regions.

  1. Open AWS Tools for Windows PowerShell on your local computer and execute the following command to specify your credentials.

    Copy
    Set-AWSCredentials –AccessKey your key –SecretKey your key
  2. Use the following command to set the region for your PowerShell session. The example uses the us-west-2 region.

    Copy
    Set-DefaultAWSRegion -Region us-west-2
  3. Use the following command to list all of the Systems Manager documents available for you. The list includes documents that you created and documents that were shared with you.

    Copy
    Get-SSMDocumentList -DocumentFilterList (@{"key"="Owner";"value"="All"})
  4. Use the following command to get a specific document.

    Copy
    Get-SSMDocument –Name document name
  5. Use the following command to get a description of the document.

    Copy
    Get-SSMDocumentDescription –Name document name
  6. Use the following command to view the permissions of the document.

    Copy
    Get- SSMDocumentPermission –Name document name -PermissionType Share
  7. Use the following command to modify the permissions for the document and share it. You must be the owner of the document to edit the permissions. This command privately shares the document with a specific individual, based on that person's AWS account ID.

    Copy
    Edit-SSMDocumentPermission –Name document name -PermissionType Share -AccountIdsToAdd AWS account ID

    Use the following command to share a document publicly.

    Copy
    Edit-SSMDocumentPermission -Name document name -AccountIdsToAdd ('all') -PermissionType Share