AWS Cloud Operations Blog

Adam Spicer

Author: Adam Spicer

Adam Spicer is a Senior Migration Delivery Consultant for AWS Professional Services. He works with enterprise customers to design and build their cloud infrastructure and automation to accelerate their migration to AWS. He is an avid FSU Seminole fan who loves to be on outdoor adventures with his family.

Authorize different sets of interactive session commands for users using SSM documents

Limit interactive session commands by groups of users using AWS Systems Manager

Customers are looking for a way to limit the types of commands that can be run on their Amazon Elastic Compute Cloud (Amazon EC2) instances when using AWS Systems Manager Session Manager interactive sessions. Allowed commands vary by group, meaning you need to allow different sets of commands based on the group of users. For […]

Enforce best practices in AWS Systems Manager documents leveraging CFN Guard

Many of us use AWS Systems Manager (SSM) documents to help automate various tasks. As we author documents and move them toward deployment, we’ll likely enforce certain standards and best practices. The AWS CloudFormation team released a general-purpose tool called AWS CloudFormation Guard that we can use to help enforce these best practices. In this […]

Monitor for public AWS Systems Manager custom documents with AWS Config rules

Monitor for public AWS Systems Manager custom documents with AWS Config rules

A new managed AWS Config rule is now available that checks if your AWS Systems Manager (SSM) documents have been shared publicly. This makes it easy to monitor your SSM document public sharing settings by leveraging a managed Config rule. This post demonstrates how to utilize detective controls and remediation actions for publicly shared SSM […]

Best practice considerations when using AWS Systems Manager document sharing

Best practice considerations when using AWS Systems Manager document sharing

An AWS Systems Manager (SSM) document is a resource that defines actions to perform on your managed instances. Each type—command documents, Automation documents, and session documents—serves a purpose. Depending on your use cases, you might use them to automate backup procedures for your applications, install packages, or use them across your fleet of instances for other DevOps […]