Create an IAM role that allows administration using the SSM Agent.
Steps
- In the AWS console, select IAM from the Services drop-down list at the top of the page.
- From the menu on the left, select Roles.
- Click Create role.
- From the Select type of trusted entity options, select AWS service.
- From the Choose a use case options, select EC2, then click Next: Permissions.
- On the Permissions tab, attach one or more policies that allow the use of SSM, then click Next: Tags.
  Recommended policies include the following:
  - AmazonSSMFullAccess — Allows interactive sessions and running commands remotely.
  - AmazonSSMAutomationRole — Allows running commands remotely.
- On the Tags tab, click Next: Review.
- In the Role name field, enter a unique name for the IAM role, then click Create role.
- Attach the IAM role to the NGFW instances in AWS.