SSM Association Role

What specific role is needed to run start-associations-once in the CLI?

主題

管理與治理安全性、身分識別與合規

標籤

AWS Systems Manager IAM 政策

語言

English

rePost-User-olmec

已提問 8 個月前檢視次數 282 次

1 個回答

最新
最多得票
最多評論

這些答案是否有幫助？支持正確答案，以幫助社區從您的知識中受益。

I believe your question is more towards, what are the permissions required for running SSM start-associations-once.

Please refer Actions, resources, and condition keys for AWS Systems Manager and search for startassociation in this page, you'll see what are the permissions and resource access are required. Basically, your CLI user must have StartAssociationsOnce for the resource arn:aws:ssm:*:<AccountId>:association/<SSM_ResourceName>. SSMResourceName can be "*" as well if you want to give access for all resources.

Hope this helps.

Comment here if you have additional questions, happy to help.

Abhishek

專家

secondabhi_aws

已回答 8 個月前

rePost-User-olmec
8 個月前
Can you provide the exact CLI command? I am currently trying to run aws ssm start-associations-once
--association-id "8dfe3659-4309-493a-8755-0123456789ab" What parameters should I add to permissions? This command doesn't have a "parameters" field.
rePost-User-olmec
8 個月前
arn:aws:iam::8X4956999XX:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM?

SSM Association Role

相關內容