AWS IAM Policies¶
To use AWS Session Manager with StormTunnel, your AWS account needs the right permissions. This is usually handled by your AWS administrator.
Option 1: AWS Managed Policy (Easiest)¶
Ask your admin to attach the AWS-provided policy:
- Policy Name:
AmazonSSMManagedInstanceCore - Where: AWS IAM Console > Users > Your Name > Add Permissions
This grants all permissions needed for Session Manager.
Option 2: Custom Minimal Policy¶
If your admin wants to restrict permissions to the minimum:
| Permission | Purpose |
|---|---|
ec2:DescribeInstances | View your EC2 instances |
ssm:DescribeInstanceInformation | Check instance status |
ssm:StartSession | Start a session |
ssm:TerminateSession | End a session |
Troubleshooting Permission Issues¶
If you see "Access Denied" or "Not authorized":
- Ask your AWS administrator to verify your permissions
- Wait a few minutes after permissions are added (propagation delay)
- Log out and log back in to your AWS session
- Try again in StormTunnel
Getting Help¶
If permission issues persist:
- Ask your AWS administrator to check your IAM user permissions
- Share the exact error message with your admin
- Contact support with details