Monitoring agents currently run as root. This doesn't seem necessary, at least for most of the agents, and is undesirable from the best practices point of view.
Instead, bring along an unprivileged user with the ssm-client package, and make monitoring agents/exporters run as that unprivileged user:
Monitoring agents currently run as root. This doesn't seem necessary, at least for most of the agents, and is undesirable from the best practices point of view.
Instead, bring along an unprivileged user with the ssm-client package, and make monitoring agents/exporters run as that unprivileged user:
user: ssm uid: 551 group: ssm gid: 551