Certified Security - Specialty


Systems Manager Run Command role

In this section on Systems Manager Run Command, AWS recommends the ‘AmazonEC2RoleforSSM’ role, but this role is too permissive and allows s3:*. So AWS released a new role, ‘AmazonSSMManagedInstanceCore’.

1 Answers

That’s really useful to know, and it’s great that AWS is finally swapping that out. I’ve been having to build custom policies for ages to get around this problem with it being so permissive. For virtually anything with SSM out there to be using a policy with ‘s3:GetObject’ for all resources is terrifying.

Thanks for letting us know, I’ll pass this along to the instructors.

Feedback can also be submitted directly to us through our Contact Support form, where one of our technical team members will respond and assess what we need to do to update our content.
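Added example, not part of the original thread and not AWS code: a small check that flags IAM policy statements granting S3 actions on every resource, the pattern discussed above. Both sample policies and the bucket name `example-ssm-bucket` are constructed for illustration and are not the contents of any AWS managed policy.

```python
import fnmatch
import json

# Constructed sample policies (assumptions for this example only).
BROAD_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["ssm:UpdateInstanceInformation", "s3:GetObject"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
]}
""")
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ssm:UpdateInstanceInformation", "Resource": "*"},
  {"Effect": "Allow", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-ssm-bucket/*"}
]}
""")

# Resource values that cover every bucket or every object.
ALL_RESOURCES = {"*", "arn:aws:s3:::*", "arn:aws:s3:::*/*"}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def broad_s3_grants(policy):
    """Return (statement_index, action) for Allow statements that grant an
    S3 action on all resources. NotAction/NotResource are not evaluated."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not ALL_RESOURCES & set(_as_list(stmt.get("Resource"))):
            continue
        for action in _as_list(stmt.get("Action")):
            # Action names are case-insensitive; "*" and "s3:..." both reach S3.
            service = action.lower().split(":", 1)[0]
            if fnmatch.fnmatchcase("s3", service):
                findings.append((index, action))
    return findings


if __name__ == "__main__":
    print("broad: ", broad_s3_grants(BROAD_POLICY))
    print("scoped:", broad_s3_grants(SCOPED_POLICY))
```

The function takes a parsed policy document, so it can be run over the JSON of any policy attached to an instance role before the role is used with SSM.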
