AWS Systems Manager
User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Setting Up Run Command

Before you can manage instances by using Run Command, you must configure an AWS Identity and Access Management (IAM) user policy for any user who will run commands, and an IAM instance profile role for any instance that will process commands. For more information, see Setting Up AWS Systems Manager.

This section also includes recommended tasks for monitoring command executions and restricting command access to tagged instances. The tasks in this section are not required, but they can help minimize the security posture and day-to-day management of your instances. For this reason, we highly recommend you complete the tasks in this section.