Configure custom user credentials

  • Rversion finale: Australia
  • Mis à jour 13 mars 2026
  • 1 minute de lecture

    • Define a non-root user for AWS SSM discovery by creating a credential record that specifies a user name with sufficient privileges to execute discovery commands on Linux targets.

    Avant de commencer

    Confirm the following:
    • The system property glide.discovery.enable_ssm is turned on. For more information, see Enable AWS SSM-based discovery.
    • The user you're assigning as the non-root user has access to run all the necessary commands on the target server. This user requires the same access as credentials used for regular Linux discovery, including the necessary root-level access for privileged commands. For more information, see Credentials required for host discovery and SSH credentials

    Role required: discovery_admin

    Pourquoi et quand exécuter cette tâche

    Instead of relying on root, you can define a custom user with sufficient privileges to execute the required Discovery commands. Only a user name is needed—no password or key—provided that the user has the same level of access as traditional Linux Discovery credentials. This approach promotes restricted access and better alignment with enterprise security policies.

    Remarque :
    Currently, SSM supports only sudo for privileged command execution and defaults to the sh shell, with no support for alternate command or shell types.

    Procédure

    1. Navigate to All > Discovery > Credentials.
    2. Select New.
    3. Select AWS SSM instance User.
    4. Enter a unique name for the user.
    5. Enter the user name from the alternate user credential that you created on your EC2 instance in the AWS Management Console.
      For more information, see the Amazon SSM Discovery - AWS Environment Setup Instructions article in the Now Support Knowledge Base.
    6. Select Submit.

    Résultats

    A new record is added to the AWS SSM Instance Users [aws_ssm_instance_user_credentials] table.