Update IAM Role

For our EC2 instances to be able to send session logs to the S3 bucket, we will need to update the IAM Role assigned to the EC2 instance by adding a policy that allows access to S3.

  1. Go to the IAM service management console.

    • Click Roles.
    • In the search box, enter SSM.
    • Click on the SSM-Role role.
  2. Click Attach policies.

  3. In the search box, enter S3.

    • Click the policy AmazonS3FullAccess.
    • Click Add permissions.

In a production environment, we will grant stricter permissions, limited to the specified S3 bucket. For this lab, we use the AmazonS3FullAccess policy for convenience.
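A sketch of what the stricter production permissions could look like, as an added example that is not part of the original lab: it builds a policy limited to writing session logs into one bucket and flags wildcard statements such as those in a full-access policy. The bucket name, prefix, function names and the sample full-access document are assumptions constructed for illustration.

```python
import json


def session_log_policy(bucket, prefix=""):
    """Build a policy that only allows writing session logs to one bucket."""
    key_prefix = prefix.strip("/")
    objects = f"arn:aws:s3:::{bucket}/{key_prefix + '/' if key_prefix else ''}*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Upload log objects under the chosen prefix only.
            {"Sid": "WriteSessionLogs", "Effect": "Allow",
             "Action": ["s3:PutObject"], "Resource": objects},
            # Lets the agent check whether the bucket enforces encryption.
            {"Sid": "ReadBucketEncryption", "Effect": "Allow",
             "Action": ["s3:GetEncryptionConfiguration"],
             "Resource": f"arn:aws:s3:::{bucket}"},
        ],
    }


def overbroad(policy):
    """Return (statement index, reason) for Allow statements with wildcard scope."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((i, "wildcard action"))
        if "*" in resources:
            findings.append((i, "any resource"))
    return findings


# Constructed sample in the shape of a full-access S3 policy.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}

if __name__ == "__main__":
    # "example-session-logs" and "ssm" are placeholder values.
    print(json.dumps(session_log_policy("example-session-logs", "ssm"), indent=2))
    print(overbroad(FULL_ACCESS))
```

If the bucket is encrypted with a KMS key, the role also needs permission to use that key.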

Next, we will proceed to create an S3 bucket to store session logs.