RDP to EC2 Instance with SSM



I'm trying to figure out how to RDP to an EC2 instance of a GameLift fleet server (using SDK 5). I'm following this guide:


But i seem to be struggling at the last stages where i need to use this command:

aws ssm start-session --target <instance-id> --document-name AWS-StartPortForwardingSession --parameters "localPortNumber=55678,portNumber=3389"

It's giving me this error:

An error occurred (AccessDeniedException) when calling the StartSession operation: User: arn:aws:sts::123456:assumed-role/FleetServiceEC2Access-DataPlaneRole-FRA/FleetsService-GetComputeAccess-1234-1234-1234-1234-1234 is not authorized to perform: ssm:StartSession on resource: arn:aws:ssm:eu-central-1::document/AWS-StartPortForwardingSession because no session policy allows the ssm:StartSession action

Any idea what kind of policy i need to add? (Already using the "AmazonSSMFullAccess" policy on the user) Or is there a better way of getting RDP access to the GameLift server?

asked 25 days ago79 views
1 Answer

It looks like your assuming a role called FleetServiceEC2Access-DataPlaneRole-FRA. Ensure this role as the appropiate access. It could be different than the IAM used which has AmazonSSMFullAccess

Have you tried RDP Directly from Fleet Manager in ssm instead of via port forwarding?

profile picture
answered 25 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions