IAM permissions - AMS Accelerate Operations Plan

IAM permissions

Instance profiles attached to instances are checked to ensure they contain the correct managed policies. The following managed policies are added to the existing role if they aren't present.

  • arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

  • arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy

  • arn:aws:iam::aws:policy/AMSInstanceProfileBasePolicy

If an instance profile is not attached to the instance, the workflow attaches the following instance profile with the needed permissions to run the AMS Accelerate OS automated instance configuration workflow: AMSOSConfigurationCustomerInstanceProfile-<REGION>