本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# Amazon Systems Manager
Amazon Systems Manager (前身为 Amazon S EC2 ystems Manager)是一个统一的界面,可让您轻松地集中操作数据并自动执行跨 Amazon 资源的任务。Systems Manager 可以缩短检测和解决基础设施中的操作问题的时间。Systems Manager 为您提供基础架构性能和配置的完整视图,简化了资源和应用程序管理,并使大规模操作和管理基础架构变得容易。
**Topics**
+ [区域可用性](#feature-regions)
+ [功能可用性和实现差异](#feature-diff)
+ [指南和参考](#feature-guides)
+ [关于中国亚马逊 Web Services 的一般信息](#general-info)
## 区域可用性
Amazon Systems Manager 已在中国的以下地区上市:
+ 北京区域
+ 宁夏区域
## 功能可用性和实现差异
Systems Manager在中国实施的亚马逊网络服务在以下方面是独一无二的。
常规
不支持使用 Systems Manager 配置、访问和管理 Amazon IoT Greengrass Version 2 设备。
Application Manager
目前不支持使用应用程序管理器创建 Amazon CloudFormation 模板和堆栈。
自动化
不支持 “自动化`aws:copyImage`” 操作。
不支持在多个 Amazon Web Services 区域 和账户中同时运行自动化。
不支持自动重试受限制的自动化步骤。
不支持重新运行自动化执行。
不支持对目标和并发的跨账户和跨区域控制。
不支持以下用于 APIs 从其他 Amazon 服务调用的自动化操作:
+ `aws:executeAwsApi`
+ `aws:waitForAwsResourceProperty`
+ `aws:assertAwsResourceProperty`
变更管理器
当前不支持 “变更管理器” 功能。
Explorer
不支持创建资源数据同步。
Fleet Manager
要使用[队列管理器的远程桌面功能](https://docs.amazonaws.cn/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html)连接到 Windows Server 托管实例,必须向用户授予北京和宁夏区域的正确 IAM 权限。有关策略示例,请参阅本页[舰队管理器远程桌面连接的 IAM 权限策略](#fleet-manager-rdp-policies)后面的内容。
Incident Manager
目前不支持事件管理器功能。
OpsCenter
控制台 OpsItem 描述字段中的 markdown 支持功能不可用。
Patch Manager
**目前不支持 P** atch Manager 中的 “立即修补” 功能。
目前不支持补丁策略(快速安装配置)。
快速设置
目前不支持 “快速设置” 功能。
会话管理器
要下载适用于 Systems [Manager 的会话管理器插件](https://docs.amazonaws.cn/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html)以便在本地计算机上使用,请使用以下命令 URls:
+ Windows 服务器:[ https://s3.cn-north-1.amazonaws.com。 cn/session-manager-downloads/plugin/latest/windows/SessionManagerPluginSetup.exe](https://s3.cn-north-1.amazonaws.com.cn/session-manager-downloads/plugin/latest/windows/SessionManagerPluginSetup.exe)
+ [macOS:。 https://s3.cn-north-1.amazonaws.com cn/session-manager-downloads/plugin/latest/mac/sessionmanager](https://s3.cn-north-1.amazonaws.com.cn/session-manager-downloads/plugin/latest/mac/sessionmanager-bundle.zip)-bundle.zip
+ [32 位 Linux: https://s3.cn-north-1.amazonaws.com。 cn/session-manager-downloads/plugin/latest/linux\$132bit/session](https://s3.cn-north-1.amazonaws.com.cn/session-manager-downloads/plugin/latest/linux_32bit/session-manager-plugin.rpm)-manager-plugin.rpm
+ [Linux 64 位: https://s3.cn-north-1.amazonaws.com。 cn/session-manager-downloads/plugin/latest/linux\$164bit/session](https://s3.cn-north-1.amazonaws.com.cn/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm)-manager-plugin.rpm
+ [Ubuntu 服务器 32 位:. https://s3.cn-north-1.amazonaws.com cn/session-manager-downloads/plugin/latest/ubuntu\$132bit/session](https://s3.cn-north-1.amazonaws.com.cn/session-manager-downloads/plugin/latest/ubuntu_32bit/session-manager-plugin.deb)-manager-plugin.deb
+ [Ubuntu 服务器 64 位:. https://s3.cn-north-1.amazonaws.com cn/session-manager-downloads/plugin/latest/ubuntu\$164bit/session](https://s3.cn-north-1.amazonaws.com.cn/session-manager-downloads/plugin/latest/ubuntu_32bit/session-manager-plugin.deb)-manager-plugin.deb
SSM Agent
的安装文件[https://docs.amazonaws.cn/systems-manager/latest/userguide/ssm-agent.html](https://docs.amazonaws.cn/systems-manager/latest/userguide/ssm-agent.html)适用于北京和宁夏区域,适用于所有支持的操作系统。有关信息,请参阅以下部分[北京和宁夏区域的 SSM 代理安装文件](#ssm-agent-installation)。
State Manager
目前不支持 “计划偏移” 功能。
### 北京和宁夏区域的 SSM 代理安装文件
要在亚马逊弹性计算云 (Amazon EC2) 实例上安装 [SSM 代理](https://docs.amazonaws.cn/systems-manager/latest/userguide/ssm-agent.html),请为您的 Amazon Web Services 区域 和操作系统选择相应的安装文件 URL。
#### Amazon Linux
在亚马逊 Linux 亚马逊 EC2 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 Amazon Linux 实例上手动安装](agent-install-al.html)。
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
**x86**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_386/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_386/amazon-ssm-agent.rpm
```
#### Amazon Linux 2
在亚马逊 Linux 2 亚马逊 EC2 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 Amazon Linux 2 实例上手动安装](https://docs.amazonaws.cn/systems-manager/latest/userguide/agent-install-al2.html)。
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
#### CentOS
在 CentOS Ama EC2 zon 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 CentOS 实例上手动安装](https://docs.amazonaws.cn/systems-manager/latest/userguide/agent-install-centos.html)
##### CentOS 8
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
##### CentOS 7
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
##### CentOS 6
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/3.0.1390.0/linux_386/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/3.0.1390.0/linux_386/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm
```
#### CentOS Stream 8
在 CentOS Stream Ama EC2 zon SSM Agent 实例上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 CentOS Stream 实例上手动安装](agent-install-centos-stream.html)
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
#### Debian 服务器
在 Debian Server Amazon EC2 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 Debian 服务器实例上手动安装](https://docs.amazonaws.cn/systems-manager/latest/userguide/agent-install-deb.html)
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/debian_arm64/amazon-ssm-agent.deb
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/debian_arm64/amazon-ssm-agent.deb
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/debian_amd64/amazon-ssm-agent.deb
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/debian_amd64/amazon-ssm-agent.deb
```
#### Oracle Linux
在 Oracle Linux Amazon EC2 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 Oracle Linux 实例上手动安装](agent-install-oracle.html)
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
#### Red Hat Enterprise Linux (RHEL)
在 RHEL Amazon EC2 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 RHEL 实例上手动安装](agent-install-rhel.html)
##### RHEL 8
**ARM64**
+ 北京区域
```
https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
##### RHEL 7
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
##### RHEL 6
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/3.0.1390.0/linux_amd64/amazon-ssm-agent.rpm
```
**x86**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/3.0.1390.0/linux_386/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/3.0.1390.0/linux_386/amazon-ssm-agent.rpm
```
#### Rocky Linux
在 Rocky Linux Amazon EC2 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 Rocky Linux 实例上手动安装](agent-install-rocky.html)
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
#### SUSE 企业 Linux 服务器 (SLES)
在 SLES Amazon EC2 实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 SLES 实例上手动安装](https://docs.amazonaws.cn/systems-manager/latest/userguide/agent-install-sles.html)
**ARM64**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_arm64/amazon-ssm-agent.rpm
```
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/linux_amd64/amazon-ssm-agent.rpm
```
#### Ubuntu Server
在 Ubuntu Server Ama EC2 zon SSM Agent 实例上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 Ubuntu 服务器实例上手动安装](agent-install-ubuntu.html)。
##### Ubuntu Server 20.10 STR 和 20.04、18.04 和 16.04 LTS 64 位(Snap)
在这些版本的 Ubuntu Server 上安装使用 Snap 格式而不是安装命令来安装 URLs 文件。有关说明,请参阅[SSM Agent在 Ubuntu Server 20.10 STR 和 20.04、18.04 和 16.04 LTS 64 位(Snap)上安装](https://docs.amazonaws.cn/systems-manager/latest/userguide/agent-install-ubuntu-64-snap.html)。
##### Ubuntu Server 16.04 和 14.04 64 位 (deb)
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/debian_amd64/amazon-ssm-agent.deb
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/debian_amd64/amazon-ssm-agent.deb
```
##### Ubuntu 服务器 16.04 和 14.04 32 位
**x86**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/debian_386/amazon-ssm-agent.deb
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/debian_386/amazon-ssm-agent.deb
```
#### Windows Server
在 Windows 服务器亚马逊 EC2实例SSM Agent上安装时,请使用以下文件。有关完整说明,请参阅[SSM Agent在 Windows 服务器实例上手动安装](sysman-install-win.html)
**x86\$164**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/windows_amd64/AmazonSSMAgentSetup.exe
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/windows_amd64/AmazonSSMAgentSetup.exe
```
**x86**
+ 北京区域
```
https://s3.cn-north-1.amazonaws.com.cn/amazon-ssm-cn-north-1/latest/windows_386/AmazonSSMAgentSetup.exe
```
+ 宁夏区域
```
https://s3.cn-northwest-1.amazonaws.com.cn/amazon-ssm-cn-northwest-1/latest/windows_386/AmazonSSMAgentSetup.exe
```
### 舰队管理器远程桌面连接的 IAM 权限策略
以下是 IAM 策略示例,您可以将这些策略附加到用户或角色,以允许与北京和宁夏区域的远程桌面进行不同类型的交互。将每个示例资源占位符替换为您自己的信息。
------
#### [ Standard policy for connecting to EC2 instances ]
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EC2",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:GetPasswordData"
],
"Resource": "*"
},
{
"Sid": "SSM",
"Effect": "Allow",
"Action": [
"ssm:DescribeInstanceProperties",
"ssm:GetCommandInvocation",
"ssm:GetInventorySchema"
],
"Resource": "*"
},
{
"Sid": "TerminateSession",
"Effect": "Allow",
"Action": [
"ssm:TerminateSession"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ssm:resourceTag/aws:ssmmessages:session-id": [
"${aws:userid}"
]
}
}
},
{
"Sid": "SSMStartSession",
"Effect": "Allow",
"Action": [
"ssm:StartSession"
],
"Resource": [
"arn:aws-cn:ec2:*:111122223333:instance/*",
"arn:aws-cn:ssm:*:111122223333:managed-instance/*",
"arn:aws-cn:ssm:*::document/AWS-StartPortForwardingSession"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": "ssm-guiconnect.amazonaws.com"
}
}
},
{
"Sid": "GuiConnect",
"Effect": "Allow",
"Action": [
"ssm-guiconnect:CancelConnection",
"ssm-guiconnect:GetConnection",
"ssm-guiconnect:StartConnection",
"ssm-guiconnect:ListConnections"
],
"Resource": "*"
}
]
}
```
------
#### [ Policy for connecting to EC2 instances with specific tags ]
**注意**
在以下 IAM 策略中,`SSMStartSession` 部分需要 `ssm:StartSession` 操作的 Amazon 资源名称(ARN)。如图所示,您指定的 ARN *不*需要 ID。 Amazon Web Services 账户 如果您指定账户 ID,车队管理器会返回`AccessDeniedException`。
位于示例策略下方的`AccessTaggedInstances`部分也 ARNs 需要`ssm:StartSession`。对于这些 ARNs,你必须指定 Amazon Web Services 账户 IDs。
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EC2",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:GetPasswordData"
],
"Resource": "*"
},
{
"Sid": "SSM",
"Effect": "Allow",
"Action": [
"ssm:DescribeInstanceProperties",
"ssm:GetCommandInvocation",
"ssm:GetInventorySchema"
],
"Resource": "*"
},
{
"Sid": "SSMStartSession",
"Effect": "Allow",
"Action": [
"ssm:StartSession"
],
"Resource": [
"arn:aws-cn:ssm:*::document/AWS-StartPortForwardingSession"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": "ssm-guiconnect.amazonaws.com"
}
}
},
{
"Sid": "AccessTaggedInstances",
"Effect": "Allow",
"Action": [
"ssm:StartSession"
],
"Resource": [
"arn:aws-cn:ec2:*:111122223333:instance/*",
"arn:aws-cn:ssm:*:111122223333:managed-instance/*"
],
"Condition": {
"StringLike": {
"ssm:resourceTag/tag key": [
"tag value"
]
}
}
},
{
"Sid": "GuiConnect",
"Effect": "Allow",
"Action": [
"ssm-guiconnect:CancelConnection",
"ssm-guiconnect:GetConnection",
"ssm-guiconnect:StartConnection",
"ssm-guiconnect:ListConnections"
],
"Resource": "*"
}
]
}
```
------
#### [ Policy for Amazon IAM Identity Center users to connect to EC2 instances ]
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SSO",
"Effect": "Allow",
"Action": [
"sso:ListDirectoryAssociations*",
"identitystore:DescribeUser"
],
"Resource": "*"
},
{
"Sid": "EC2",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:GetPasswordData"
],
"Resource": "*"
},
{
"Sid": "SSM",
"Effect": "Allow",
"Action": [
"ssm:DescribeInstanceInformation",
"ssm:DescribeInstanceProperties",
"ssm:GetCommandInvocation",
"ssm:GetInventorySchema"
],
"Resource": "*"
},
{
"Sid": "TerminateSession",
"Effect": "Allow",
"Action": [
"ssm:TerminateSession"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ssm:resourceTag/aws:ssmmessages:session-id": [
"${aws:userName}"
]
}
}
},
{
"Sid": "SSMStartSession",
"Effect": "Allow",
"Action": [
"ssm:StartSession"
],
"Resource": [
"arn:aws-cn:ec2:*:*:instance/*",
"arn:aws-cn:ssm:*:*:managed-instance/*",
"arn:aws-cn:ssm:*:*:document/AWS-StartPortForwardingSession"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": "ssm-guiconnect.amazonaws.com"
}
}
},
{
"Sid": "SSMSendCommand",
"Effect": "Allow",
"Action": [
"ssm:SendCommand"
],
"Resource": [
"arn:aws-cn:ec2:*:*:instance/*",
"arn:aws-cn:ssm:*:*:managed-instance/*",
"arn:aws-cn:ssm:*:*:document/AWSSSO-CreateSSOUser"
]
},
{
"Sid": "GuiConnect",
"Effect": "Allow",
"Action": [
"ssm-guiconnect:CancelConnection",
"ssm-guiconnect:GetConnection",
"ssm-guiconnect:StartConnection",
"ssm-guiconnect:ListConnections"
],
"Resource": "*"
}
]
}
```
------
## 指南和参考
中国的 Amazon Web Services 用户指南有 HTML 和 PDF 版本,有中文和英文两种版本。API 参考以 HTML 和 PDF 格式提供。有些 API 参考可能仅提供英文版。目前,并非所有 API 参考在北京和宁夏区域都可用。某些 API 参考文献的链接将带您进入全球亚马逊 Web Services 网站。请注意,指南和参考资料中描述的某些特性和功能可能无法在当前的 Amazon Web Services 中国版本中提供。
+ [Amazon Systems Manager 用户指南](https://docs.amazonaws.cn/systems-manager/latest/userguide/)
+ [Amazon Systems Manager API 引用](https://docs.amazonaws.cn/systems-manager/latest/APIReference/Welcome.html)
## 关于中国亚马逊 Web Services 的一般信息
以下信息适用于在中国地区提供的所有 Amazon Web Services。
**中国地区的亚马逊 Web Services 账户**
要在北京和宁夏区域使用服务,您需要一个账户和每个区域的专属证书。
+ 其他 Amazon 地区的账户和凭证不适用于在北京和宁夏区域运营的服务。
+ 北京和宁夏区域的账户和凭证不适用于其他 Amazon 区域。
+ 有关更多信息,请参阅 [注册、账户和证书](accounts-and-credentials.md)。
**中国亚马逊 Web Services 的域名**
中国 Amazon Web Services 的域名**`www.amazonaws.cn`**是。
**终端节点和 Amazon 资源名称 (ARNs)**
有关终端节点和 ARNs 中国的 Amazon Web Services 的信息,[终端节点和 ARNs 适用于中国的 Amazon Web Services](endpoints-arns.md)请参阅。
**中国区域的可用区**
+ 在北京区域,有三个可用区。
+ 在宁夏区域,有三个可用区。
**中国亚马逊 Web Services 的一般信息**
以下内容适用于在中国地区提供的所有 Amazon Web Services。有关特定 Amazon Web Services 的详细信息,请参阅本指南中的特定服务主题。
+ Amazon Identity and Access Management (IAM)
+ 您可以使用 `Principal` 策略元素授予或拒绝服务对资源的访问。
+ 服务委托人值因区域而异。
+ 免费使用套餐
+ 有关中国地区的免费套餐优惠和可用性的信息,[请参阅 Amazon Web Services 中国地区免费](https://www.amazonaws.cn/en/free)套餐。
**亚马逊 Web Services 控制台**
中国 Amazon Web Services 的主机是中国独有的。Amazon Web Services 指南中的屏幕截图可能与您在主机上看到的屏幕截图不同。有关服务功能差别的信息,请参阅本指南中针对各项服务的主题。
**代码示例**
Amazon Web Services 文档可能包括非北京和 ARNs 宁夏区域特有的终端节点和代码示例。使用示例时,请确认您使用的是您所在地区的终端节点和 ARNs 终端节点。