Configure custom user credentials

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:2分

    • Define a non-root user for AWS SSM discovery by creating a credential record that specifies a user name with sufficient privileges to execute discovery commands on Linux targets.

    始める前に

    Confirm the following:
    • The system property glide.discovery.enable_ssm is turned on. For more information, see Enable AWS SSM-based discovery.
    • The user you're assigning as the non-root user has access to run all the necessary commands on the target server. This user requires the same access as credentials used for regular Linux discovery, including the necessary root-level access for privileged commands. For more information, see Credentials required for host discovery and SSH credentials

    Role required: discovery_admin

    このタスクについて

    Instead of relying on root, you can define a custom user with sufficient privileges to execute the required Discovery commands. Only a user name is needed—no password or key—provided that the user has the same level of access as traditional Linux Discovery credentials. This approach promotes restricted access and better alignment with enterprise security policies.

    注:
    Currently, SSM supports only sudo for privileged command execution and defaults to the sh shell, with no support for alternate command or shell types.

    手順

    1. Navigate to All > Discovery > Credentials.
    2. Select New.
    3. Select AWS SSM instance User.
    4. Enter a unique name for the user.
    5. Enter the user name from the alternate user credential that you created on your EC2 instance in the AWS Management Console.
      For more information, see the Amazon SSM Discovery - AWS Environment Setup Instructions article in the Now Support Knowledge Base.
    6. Select Submit.

    タスクの結果

    A new record is added to the AWS SSM Instance Users [aws_ssm_instance_user_credentials] table.