docs/source/_static/managed-policies/AWSSystemsManagerChangeManagementServicePolicy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:CreateAssociation",
"ssm:DeleteAssociation",
"ssm:CreateOpsItem",
"ssm:GetOpsItem",
"ssm:UpdateOpsItem",
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution",
"ssm:GetAutomationExecution",
"ssm:GetCalendarState",
"ssm:GetDocument"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarms"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"sso:ListDirectoryAssociations"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"sso-directory:DescribeUsers",
"sso-directory:IsMemberInGroup"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": "iam:GetGroup",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ssm.amazonaws.com"
]
}
}
}
]
}