Step 3: Create non-Admin IAM users and groups for Systems Manager - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Step 3: Create non-Admin IAM users and groups for Systems Manager

Users in the administrators group for an account have access to all Amazon Web Services and resources in that account. This section describes how to create users with permissions that are limited to Amazon Systems Manager.


You can grant users or groups full Systems Manager access using the Amazon Identity and Access Management (IAM) policy AmazonSSMFullAccess, as described later in this section. In practice, however, you might want to limit users or groups to only some Systems Manager features. In the sections for many Systems Manager capabilities, such as Session Manager and Maintenance Windows, we provide instructions for limiting access to actions and resources for that capability only.

For information about using IAM policies to control user access to Systems Manager capabilities and resources, see Amazon Systems Manager identity-based policy examples.

For information about how to change permissions for an IAM user account, group, or role, see Changing permissions for an IAM User in the IAM User Guide.