By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

SSM Association Role

0

What specific role is needed to run start-associations-once in the CLI?

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS Systems ManagerIAM Policies
Language
English
rePost-User-olmec
asked 8 months ago269 views
1 Answer
0

I believe your question is more towards, what are the permissions required for running SSM start-associations-once.

Please refer Actions, resources, and condition keys for AWS Systems Manager and search for startassociation in this page, you'll see what are the permissions and resource access are required. Basically, your CLI user must have StartAssociationsOnce for the resource arn:aws:ssm:*:<AccountId>:association/<SSM_ResourceName>. SSMResourceName can be "*" as well if you want to give access for all resources.

Hope this helps.

Comment here if you have additional questions, happy to help.

Abhishek

profile pictureAWS
EXPERT
secondabhi_aws
answered 8 months ago
  • rePost-User-olmec
    8 months ago

    Can you provide the exact CLI command? I am currently trying to run aws ssm start-associations-once
    --association-id "8dfe3659-4309-493a-8755-0123456789ab" What parameters should I add to permissions? This command doesn't have a "parameters" field.

  • rePost-User-olmec
    8 months ago

    arn:aws:iam::8X4956999XX:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content