Policy: AmazonSSMServiceRolePolicy

ARN: arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy

Allowed Actions

Actions Services
cloudformation:DeleteStackInstances cloudformation
cloudformation:DeleteStackSet cloudformation
cloudformation:DescribeStackSetOperation cloudformation
cloudformation:DescribeStacks cloudformation
cloudformation:ListStackInstances cloudformation
cloudformation:ListStackResources cloudformation
cloudformation:ListStackSets cloudformation
cloudwatch:DescribeAlarms cloudwatch
compute-optimizer:GetEC2InstanceRecommendations compute-optimizer
compute-optimizer:GetEnrollmentStatus compute-optimizer
config:DescribeComplianceByConfigRule config
config:DescribeComplianceByResource config
config:DescribeConfigurationRecorders config
config:DescribeRemediationConfigurations config
config:SelectResourceConfig config
ec2:DescribeInstanceAttribute ec2
ec2:DescribeInstanceStatus ec2
ec2:DescribeInstances ec2
events:DeleteRule events
events:DescribeRule events
events:PutRule events
events:PutTargets events
events:RemoveTargets events
iam:PassRole iam
lambda:InvokeFunction lambda
organizations:DescribeOrganization organizations
resource-explorer-2:CreateManagedView resource-explorer-2
resource-groups:GetGroupQuery resource-groups
resource-groups:ListGroupResources resource-groups
resource-groups:ListGroups resource-groups
securityhub:DescribeHub securityhub
ssm:CancelCommand ssm
ssm:GetAutomationExecution ssm
ssm:GetCalendarState ssm
ssm:GetCommandInvocation ssm
ssm:GetParameters ssm
ssm:GetServiceSetting ssm
ssm:ListCommandInvocations ssm
ssm:ListCommands ssm
ssm:ListTagsForResource ssm
ssm:SendCommand ssm
ssm:StartAutomationExecution ssm
ssm:StopAutomationExecution ssm
ssm:UpdateServiceSetting ssm
states:DescribeExecution states
states:StartExecution states
support:DescribeCases support
support:DescribeTrustedAdvisorCheckResult support
support:DescribeTrustedAdvisorCheckSummaries support
support:DescribeTrustedAdvisorChecks support
tag:GetResources tag