Step 3: Create non-Admin IAM users and groups for Systems Manager
Users in the administrators group for an account have access to all Amazon Web Services and resources in that account. This section describes how to create users with permissions that are limited to Amazon Systems Manager.
You can grant users or groups full Systems Manager access using the Amazon Identity and Access Management (IAM) policy AmazonSSMFullAccess, as described later in this section. In practice, however, you might want to limit users or groups to only some Systems Manager features. In the sections for many Systems Manager capabilities, such as Session Manager and Maintenance Windows, we provide instructions for limiting access to actions and resources for that capability only.
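To tell a full-access grant from a capability-limited one when reviewing policies, the following added example (not code from this guide) checks a policy document for Allow statements that cover every ssm: action on every resource. Both policy documents are constructed samples, and the tag key and value, Region, account ID and partition in them are placeholders.

```python
from fnmatch import fnmatchcase

# Constructed sample: a statement granting all of Systems Manager.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}

# Constructed sample: Session Manager only. The tag key/value, Region,
# account ID and partition are placeholders, not values from this guide.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ssm:StartSession"],
     "Resource": ["arn:aws:ec2:us-east-1:111122223333:instance/*"],
     "Condition": {"StringLike": {"ssm:resourceTag/Team": ["WebServers"]}}},
    {"Effect": "Allow",
     "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
     "Resource": ["arn:aws:ssm:*:*:session/${aws:username}-*"]}]}

PROBE = "ssm:zz-arbitrary-action"  # stands in for "any ssm action"


def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def unrestricted_ssm_statements(policy):
    """Return Allow statements that cover every ssm: action on every
    resource with no Condition. NotAction/NotResource statements are
    returned too, conservatively, so a reviewer looks at them."""
    hits = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            hits.append(stmt)
            continue
        # Action names are case-insensitive; * and ? are wildcards.
        all_actions = any(fnmatchcase(PROBE, a.lower())
                          for a in as_list(stmt.get("Action", [])))
        all_resources = "*" in as_list(stmt.get("Resource", []))
        if all_actions and all_resources:
            hits.append(stmt)
    return hits


if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, len(unrestricted_ssm_statements(doc)), "unrestricted")
```

The scoped sample passes because each statement is bound to a Condition or to a specific resource ARN pattern rather than to "*".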
For information about using IAM policies to control user access to Systems Manager capabilities and resources, see Amazon Systems Manager identity-based policy examples.
For information about how to change permissions for an IAM user account, group, or role, see Changing permissions for an IAM User in the IAM User Guide.