Step 3: Create Non-Admin IAM Users and Groups for Systems Manager
Users in the administrators group for an account have access to all AWS services and resources in that account. This section describes how to create users with permissions that are limited to AWS Systems Manager.
The following Systems Manager capabilities may have additional or alternative procedures for granting user access:
- Session Manager - See Control User Session Access to Instances.
- Distributor - See Control User Access to Packages.
- Maintenance Windows - See Controlling Access to Maintenance Windows (see the instructions for assigning the IAM PassRole policy to an IAM user or group).
For more information about using IAM policies to control user access to Systems Manager capabilities and resources, see Using Identity-based Policies (IAM Policies) for AWS Systems Manager.
For information about how to change permissions for an IAM user account, group, or role, see Changing Permissions for an IAM User in the IAM User Guide.
Topics