aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0

Feature Request: Server side remote & document execution restriction #293

Open anthonygea opened 4 years ago

anthonygea commented 4 years ago

For all kinds of limitations, IAM policies are used to restrict Document execution through ssm-agent. I would like to add an extra security layer at the agent side to avoid execution of unauthorized Documents. Even if a user uses Systems Manager SendCommand to execute a Document that is not in the agent whitelist, the agent will reject this job or return a failed status.

As an acceptance criterion: an IAM root or power user won't be able to execute any Documents other than those declared in the whitelist at the agent side.

Thanks for your feedback on this feature request.
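A sketch of the agent-side gate this request describes, written in Go (the agent's language) as an added example; it is not code from amazon-ssm-agent and the agent has no such feature as of this issue. It assumes the agent can load a list of permitted document references from local configuration and consult it before running a SendCommand job. The document ARN shape (partition, `ssm`, region, a 12-digit account ID or an empty account field for AWS-owned documents, `document/<name>`) and the 3-128 character document-name syntax follow the documented SSM formats; treating an AWS-owned ARN and the bare name as the same document, requiring documents shared from other accounts to be listed by full ARN, and failing closed on anything malformed are design choices of this example. The account ID 111122223333, the command ID and the document names in `main` are constructed placeholders.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// docKey identifies a document independent of how it was referenced.
// Account is empty for AWS-owned documents and for bare names, which SSM
// resolves in the instance's own account or the AWS namespace (assumption).
type docKey struct {
	Account string
	Name    string
}

// SSM document names: 3-128 characters of letters, digits, '.', '-', '_'.
var bareName = regexp.MustCompile(`^[A-Za-z0-9_.\-]{3,128}$`)

// arn:<partition>:ssm:<region>:<12-digit account or empty>:document/<name>
var docARN = regexp.MustCompile(`^arn:aws(?:-[a-z]+)*:ssm:[a-z0-9-]+:(\d{12})?:document/([A-Za-z0-9_.\-]{3,128})$`)

// parseDocRef validates and canonicalizes a document reference. Anything that
// is not a well-formed bare name or document ARN is an error, so callers fail closed.
func parseDocRef(ref string) (docKey, error) {
	ref = strings.TrimSpace(ref)
	if m := docARN.FindStringSubmatch(ref); m != nil {
		return docKey{Account: m[1], Name: m[2]}, nil
	}
	if bareName.MatchString(ref) {
		return docKey{Name: ref}, nil
	}
	return docKey{}, fmt.Errorf("malformed document reference %q", ref)
}

// DocumentAllowlist is the hypothetical agent-side policy from the feature request.
type DocumentAllowlist struct {
	allowed map[docKey]bool
}

// NewDocumentAllowlist builds the policy from configuration entries. A malformed
// entry is rejected at load time rather than silently dropped, so a typo cannot
// leave an operator believing a document is covered when it is not.
func NewDocumentAllowlist(entries []string) (*DocumentAllowlist, error) {
	a := &DocumentAllowlist{allowed: map[docKey]bool{}}
	for _, e := range entries {
		k, err := parseDocRef(e)
		if err != nil {
			return nil, fmt.Errorf("allowlist: %w", err)
		}
		a.allowed[k] = true
	}
	return a, nil
}

// Decision is what the agent would report back as the command status.
type Decision struct {
	Status string // "Proceed" or "Failed"
	Reason string
}

// Gate decides whether a received command may run. Default is deny: a missing or
// empty allowlist, a malformed reference, or an unlisted document all yield Failed.
func (a *DocumentAllowlist) Gate(commandID, docRef string) Decision {
	if a == nil || len(a.allowed) == 0 {
		return Decision{"Failed", fmt.Sprintf("command %s: no document allowlist configured", commandID)}
	}
	k, err := parseDocRef(docRef)
	if err != nil {
		return Decision{"Failed", fmt.Sprintf("command %s: %v", commandID, err)}
	}
	if !a.allowed[k] {
		return Decision{"Failed", fmt.Sprintf("command %s: document %q not in agent allowlist", commandID, docRef)}
	}
	return Decision{"Proceed", ""}
}

func main() {
	// Constructed sample policy; 111122223333 is a placeholder account ID.
	policy, err := NewDocumentAllowlist([]string{
		"AWS-RunPatchBaseline",
		"arn:aws:ssm:us-east-1:111122223333:document/Corp-CollectInventory",
	})
	if err != nil {
		panic(err)
	}
	for _, ref := range []string{
		"AWS-RunPatchBaseline",
		"arn:aws:ssm:us-east-1::document/AWS-RunPatchBaseline",
		"AWS-RunShellScript",
		"arn:aws:ssm:us-east-1:111122223333:document/Corp-CollectInventory",
		"Corp-CollectInventory",
		"../AWS-RunShellScript",
	} {
		d := policy.Gate("cmd-0001", ref)
		fmt.Printf("%-70s -> %s %s\n", ref, d.Status, d.Reason)
	}
}
```

Two points matter for the acceptance criterion in the request. First, the gate has to run before the agent fetches or parses any document content, and every failure path returns a Failed status with a reason the operator can see in the command output, so a denied SendCommand is visible rather than silently dropped. Second, the local allowlist is only as strong as the file it is loaded from: if the configuration is writable by the same principals who can already send commands to the instance, the extra layer adds nothing, so the file needs to be root-owned and outside any path a managed document can write to.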

nitikagoyal87 commented 4 years ago

Thanks for your feedback! We have noted this request.