Skip to content

AWS IAM Permissions for AWS Session Manager

To use AWS Session Manager with StormTunnel, your AWS account needs the right permissions set up. This is usually handled by your AWS administrator.

What Your Admin Needs to Know

Your administrator should attach one of these AWS permissions to your user account:

Option 1: Use AWS Managed Policy (Easiest)

Ask your admin to attach the AWS-provided policy:

  • Policy Name: AmazonSSMManagedInstanceCore
  • Where: AWS IAM Console → Users → Your Name → Add Permissions

This gives you all the permissions you need for Session Manager.

Option 2: Custom Minimal Policy

If your admin wants to restrict permissions, they can use this minimal set:

  • ec2:DescribeInstances - View your EC2 instances
  • ssm:DescribeInstanceInformation - Check instance status
  • ssm:StartSession - Start a session
  • ssm:TerminateSession - End a session

Troubleshooting Permission Issues

If you see an error like "Access Denied" or "Not authorized":

  1. Ask your AWS administrator to verify your permissions are set up
  2. Wait a few minutes after permissions are added (they can take time to take effect)
  3. Log out and log back in to your AWS session
  4. Try again in StormTunnel

Getting Help

If you continue having permission issues:

  1. Ask your AWS administrator to check your IAM user permissions
  2. Report the error message to your admin
  3. Contact support with details

Last Updated: December 20, 2025