AWS Systems Manager
User Guide

Step 4: Configure Session Preferences

A system administrator can configure Session Manager to create and send session history logs to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon CloudWatch Logs log group. The stored log data can then be used to audit or report on the session connections made to your instances and the commands run on them during the sessions. The system administrator can also configure Session Manager to encrypt the data transmitted between client machines and your instances.

Before a user can update Session Manager preferences, they must have been granted the specific permissions that will let them make these updates, if they do not possess them already. Without these permissions, the user can't configure logging options or set other session preferences for your account. For information about granting permissions to update Session Manager preferences, see Grant or Deny a User Permissions to Update Session Manager Preferences.


For information about using the AWS CLI to update session preferences, see the following topics:

For information about using the Systems Manager console to configure Session Manager preferences, see the following topics: