Use Systems Manager Session Manager

To use Systems Manager Session Manager with Stax, you need to configure an IAM Instance Profile.


AWS Systems Manager Session Manager allows you to manage your EC2 instances and on-premises servers using a browser-based shell or the AWS CLI. To use Systems Manager Session Manager for EC2 instances with Stax, you need to configure an IAM Instance Profile. The profile grants the instance access to write to the Systems Manager Session Manager logging S3 bucket.

If using Stax Networks, you need to perform additional steps and should follow this guide instead: Use Systems Manager Session Manager with Stax Networks.

Before You Begin

  • Estimated time to complete: 15 minutes
  • You need Developer or higher privileges within the AWS Application Accounts that you wish to use Systems Manager Session Manager in

Why do I need to do this?

When you use AWS Systems Manager Session Manager, the instance needs access to send messages to the Systems Manager control plane and to write logs to an S3 bucket. This access requires an appropriately configured IAM Instance Profile.

Configure the IAM Instance Profile

Your instances need an assigned IAM Instance Profile that permits the required Systems Manager activities. The easiest way to do this is to apply the AmazonSSMManagedInstanceCore managed policy to your Instance Profile. Additionally, you'll need a policy or inline policy that grants the instance access to write to the Stax Session Manager logging bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectTagging",
        "s3:GetEncryptionConfiguration",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::<SMSM_BUCKET_NAME>",
        "arn:aws:s3:::<SMSM_BUCKET_NAME>/*"
      ]
    }
  ]
}

In the JSON policy syntax above, replace the <SMSM_BUCKET_NAME> placeholder with the name of your AWS Systems Manager Session Manager S3 bucket. This bucket resides in your Logging Account and will have a name similar to stax-session-manager-25d515d9-92d3-4ce7-8519-9c305490b5c0.
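The configuration described above as an AWS CLI script. This is an added example, not Stax's own tooling: the role, inline policy and instance profile names are hypothetical, and it assumes your credentials in the application account are allowed to create IAM roles. It refuses to build the policy if the bucket name is still the unreplaced placeholder or is otherwise not a valid S3 bucket name.

```bash
#!/usr/bin/env bash
# Added example. Usage: ./create-profile.sh <logging-bucket-name>
set -eu

ROLE_NAME="ssm-session-manager-role"            # hypothetical name
INLINE_POLICY_NAME="smsm-logging-bucket-write"  # hypothetical name

# Print the inline policy for the given logging bucket. Fails when the value is
# the unreplaced <SMSM_BUCKET_NAME> placeholder or not a valid S3 bucket name.
render_logging_policy() {
  local bucket="$1"
  if ! printf '%s' "$bucket" | grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'; then
    echo "invalid bucket name: $bucket" >&2
    return 1
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectTagging",
               "s3:GetEncryptionConfiguration", "s3:GetBucketLocation"],
    "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"]
  }]
}
EOF
}

# Trust policy that lets EC2 instances assume the role.
TRUST_POLICY='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'

# Create the role, attach both policies, and wrap the role in an instance profile.
apply_instance_profile() {
  local policy
  policy="$(render_logging_policy "$1")"
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$TRUST_POLICY"
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name "$INLINE_POLICY_NAME" --policy-document "$policy"
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
    --role-name "$ROLE_NAME"
}

# AWS is only called when a bucket name is passed on the command line.
if [ "$#" -ge 1 ]; then apply_instance_profile "$1"; fi
```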
