Step 4: Configure session preferences - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 4: Configure session preferences

Users that have been granted administrative permissions in their Amazon Identity and Access Management (IAM) policy can configure session preferences, including the following:

  • Turn on Run As support for Linux managed nodes. This makes it possible to start sessions using the credentials of a specified operating system user instead of the credentials of a system-generated ssm-user account that Amazon Systems Manager Session Manager can create on a managed node.

  • Configure Session Manager to use Amazon KMS key encryption to provide additional protection to the data transmitted between client machines and managed nodes.

  • Configure Session Manager to create and send session history logs to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon CloudWatch Logs log group. The stored log data can then be used to audit or report on the session connections made to your managed nodes and the commands run on them during the sessions.

  • Configure session timeouts. You can use this setting to specify when to end a session after a period of inactivity.

  • Configure Session Manager to use configurable shell profiles. These customizable profiles allow you to define preferences within sessions such as shell preferences, environment variables, working directories, and running multiple commands when a session is started.

For more information about the permissions needed to configue Session Manager preferences, see Grant or deny a user permissions to update Session Manager preferences.

For information about using the Systems Manager console to configure options for logging session data, see the following topics: