Create an IAM role for administration using the SSM Agent

Create an IAM role that allows administration using the SSM Agent.

Steps

  1. In the AWS console, select IAM from the Services drop-down list at the top of the page.
  2. From the menu on the left, select Roles.
  3. Click Create role.
  4. From the Select type of trusted entity options, select AWS service.
  5. From the Choose a use case options, select EC2, then click Next: Permissions.
  6. On the Permissions tab, attach one or more policies that allow the use of SSM, then click Next: Tags.
    Recommended policies include the following:
    • AmazonSSMFullAccess — Allows interactive sessions and running commands remotely.
    • AmazonSSMAutomationRole — Allows running commands remotely.
  7. On the Tags tab, click Next: Review.
  8. In the Role name field, enter a unique name for the IAM role, then click Create role.
  9. Attach the IAM role to the NGFW instances in AWS.
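
The same procedure with the AWS CLI, as an added example that is not part of the original documentation. The role name and instance IDs are caller-supplied placeholders, and the explicit instance profile commands cover what the console creates automatically for an EC2 role. Set DRY_RUN=1 to print the commands instead of running them.

```sh
#!/bin/sh
# Added example: AWS CLI equivalent of console steps 1-9 (not the vendor's script).
# Usage: ./create-ssm-role.sh ROLE_NAME POLICY_NAME [INSTANCE_ID ...]
set -eu

# With DRY_RUN=1 the aws commands are printed instead of executed.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Steps 4-5: trust policy that lets only the EC2 service assume the role.
trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# Step 6: map the two policies named in the procedure to their managed policy ARNs.
policy_arn() {
  case "$1" in
    AmazonSSMFullAccess)     echo "arn:aws:iam::aws:policy/AmazonSSMFullAccess" ;;
    AmazonSSMAutomationRole) echo "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole" ;;
    *) echo "unsupported policy: $1" >&2; return 1 ;;
  esac
}

# Body runs in a subshell so role/arn/id do not leak into the caller.
create_ssm_role() (
  role="$1"
  arn="$(policy_arn "$2")" || exit 1
  shift 2
  # Steps 3-5 and 8: create the role with the EC2 trust policy.
  run aws iam create-role --role-name "$role" --assume-role-policy-document "$(trust_policy)"
  # Step 6: attach the chosen SSM policy.
  run aws iam attach-role-policy --role-name "$role" --policy-arn "$arn"
  # The console creates an instance profile named after the role; the CLI does not.
  run aws iam create-instance-profile --instance-profile-name "$role"
  run aws iam add-role-to-instance-profile --instance-profile-name "$role" --role-name "$role"
  # Step 9: attach the role (via its instance profile) to each NGFW instance.
  for id in "$@"; do
    run aws ec2 associate-iam-instance-profile --instance-id "$id" --iam-instance-profile "Name=$role"
  done
)

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then create_ssm_role "$@"; fi
```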