Posted On: Nov 23, 2020
AWS Systems Manager now supports Amazon Virtual Private Cloud (Amazon VPC) endpoint policies, which let you control access to the Systems Manager API through an interface endpoint. When you create an Amazon VPC endpoint for Systems Manager, you can attach an AWS Identity and Access Management (IAM) resource policy to the endpoint that restricts which principals may call which Systems Manager API operations when those calls are made through the endpoint. For example, you can allow certain users only to list Systems Manager Run Command invocations while preventing them from sending any commands, or you can restrict specific users from starting a Systems Manager Session Manager session. An endpoint policy does not grant permissions on its own: a request through the endpoint succeeds only if both the endpoint policy and the caller's IAM identity policy allow it.
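The following endpoint policy is an added example, not part of the original announcement or of AWS documentation. It implements the two scenarios described above: an auditor role may only list and read Run Command invocations, a contractor role is denied Session Manager, and everything else keeps the default full access so the SSM Agent on instances in the VPC continues to function. The account ID (123456789012) and the role names Auditor and Contractor are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DefaultAllowForAgentsAndOperators",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "ssm:*",
      "Resource": "*"
    },
    {
      "Sid": "AuditorMayOnlyReadRunCommandHistory",
      "Effect": "Deny",
      "Principal": "*",
      "NotAction": [
        "ssm:ListCommands",
        "ssm:ListCommandInvocations",
        "ssm:GetCommandInvocation"
      ],
      "Resource": "*",
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "arn:aws:iam::123456789012:role/Auditor"
        }
      }
    },
    {
      "Sid": "ContractorMayNotStartSessions",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "ssm:StartSession",
      "Resource": "*",
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": "arn:aws:iam::123456789012:role/Contractor"
        }
      }
    }
  ]
}
```

Attach it to an existing endpoint with `aws ec2 modify-vpc-endpoint --vpc-endpoint-id <vpce-id> --policy-document file://policy.json`, or pass the same document at creation time. The explicit Deny statements use `aws:PrincipalArn` conditions rather than removing the broad Allow, because the instance profiles used by the SSM Agent also call the API through this endpoint and a too-narrow Allow would break agent registration and inventory. Remember that the policy only governs traffic through this endpoint; a principal with a path to the public Systems Manager endpoint is unaffected unless its IAM identity policy is also scoped, for example with an `aws:SourceVpce` condition.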
To create an Amazon VPC endpoint for Systems Manager, please see the documentation here.