Step 3: Create non-Admin IAM users and groups for Systems Manager

Users in the administrators group for an account have access to all AWS services and resources in that account. This section describes how to create users with permissions that are limited to AWS Systems Manager.

The following Systems Manager capabilities may have additional or alternative procedures for granting user access:

Session Manager - See Control user session access to instances.
Distributor - See Control User Access to Packages.
Maintenance Windows - See Controlling access to maintenance windows (see the instructions for assigning the IAM PassRole policy to an IAM user or group).

For more information about using IAM policies to control user access to Systems Manager capabilities and resources, see AWS Systems Manager identity-based policy examples.

For information about how to change permissions for an IAM user account, group, or role, see Changing Permissions for an IAM User in the IAM User Guide.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Step 2: Create an Admin IAM user for AWS

Task 1: Create user groups