Modify permissions for a shared SSM document - AWS Systems Manager

Modify permissions for a shared SSM document

If you share a command, users can view and use that command until you either remove access to the AWS Systems Manager (SSM) document or delete the SSM document. However, you can't delete a document as long as it's shared. You must stop sharing it first and then delete it.

Stop sharing a document (console)

Stop sharing a document

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Documents.

    -or-

    If the AWS Systems Manager home page opens first, choose the menu icon ( ) to open the navigation pane, and then choose Documents in the navigation pane.

  3. In the documents list, choose the document you want to stop sharing, and then choose View details. On the Permissions tab, verify that you're the document owner. Only a document owner can stop sharing a document.

  4. Choose Edit.

  5. Choose X to delete the AWS account ID that should no longer have access to the command, and then choose Save.

Stop sharing a document (command line)

Open the AWS CLI or AWS Tools for Windows PowerShell on your local computer and run the following command to stop sharing a command.

Linux & macOS
aws ssm modify-document-permission \ --name document name \ --permission-type Share \ --account-ids-to-remove 'AWS account ID'
Windows
aws ssm modify-document-permission ^ --name document name ^ --permission-type Share ^ --account-ids-to-remove "AWS account ID"
PowerShell
Edit-SSMDocumentPermission ` -Name document name ` -PermissionType Share ` –AccountIdsToRemove AWS account ID