Skip to content

Policy: AWS-SSM-RemediationAutomation-ExecutionRolePolicy

ARN: arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-ExecutionRolePolicy

Allowed Actions

Actions Services
ec2:AuthorizeSecurityGroupEgress ec2
ec2:AuthorizeSecurityGroupEgress ec2
ec2:AuthorizeSecurityGroupIngress ec2
ec2:AuthorizeSecurityGroupIngress ec2
ec2:CreateSecurityGroup ec2
ec2:CreateSecurityGroup ec2
ec2:CreateTags ec2
ec2:CreateTags ec2
ec2:CreateTags ec2
ec2:CreateVpcEndpoint ec2
ec2:CreateVpcEndpoint ec2
ec2:CreateVpcEndpoint ec2
ec2:DescribeSecurityGroups ec2
ec2:DescribeSubnets ec2
ec2:DescribeVpcAttribute ec2
ec2:DescribeVpcEndpoints ec2
ec2:DescribeVpcs ec2
ec2:ModifyVpcAttribute ec2
ec2:RevokeSecurityGroupEgress ec2
iam:PassRole iam
kms:Decrypt kms
kms:GenerateDataKey kms
ssm:DescribeAutomationExecutions ssm
ssm:DescribeAutomationStepExecutions ssm
ssm:GetAutomationExecution ssm
ssm:StartAutomationExecution ssm