Step 3: Create non-Admin IAM users and groups for Systems Manager

Users in the administrators group for an account have access to all AWS services and resources in that account. This section describes how to create users with permissions that are limited to AWS Systems Manager.

Note

You can grant users or groups full Systems Manager access using the AWS Identity and Access Management (IAM) policy AmazonSSMFullAccess, as described later in this section. In practice, however, you might want to limit users or groups to only some Systems Manager features. In the chapters for many Systems Manager capabilities, such as Session Manager and Maintenance Windows, we provide instructions for limiting access to actions and resources for that capability only.

For information about using IAM policies to control user access to Systems Manager capabilities and resources, see AWS Systems Manager identity-based policy examples.

For information about how to change permissions for an IAM user account, group, or role, see Changing Permissions for an IAM User in the IAM User Guide.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Step 2: Create an Admin IAM user for AWS

Task 1: Create user groups