Enable AWS SSM-based discovery

  • Release version: Zurich
  • Updated June 11, 2026
  • 1 minute to read

    • Configure Discovery to use AWS Systems Manager (SSM) Agent.

    Before you begin

    Role required: discovery_admin

    About this task

    The AWS SSM Agent runs with root (Linux) or SYSTEM (Windows) privileges, meaning any command sent through it can execute with full system access. Due to this high level of access, SSM is turned off by default for security reasons. On Linux, you can configure non-root credentials to run Discovery commands more securely. On Windows, Discovery commands require SYSTEM-level access, so you must decide whether to enable this capability based on your security requirements. Enabling glide.discovery.enable_ssm doesn't automatically activate SSM discovery on Windows. Unlike Linux, Windows lacks support for using a non-SYSTEM user, so for security reasons, you must explicitly enable the glide.discovery.ssm.enable_windows property to use AWS SSM discovery on Windows devices.

    Procedure

    1. Navigate to All > System Properties > All Properties.
    2. In the Name field, enter glide.discovery.enable_ssm.
    3. Double-click the Value field to perform inline editing.
    4. Enter true.
    5. Select the check mark (check mark icon) icon.
    6. Optional: To enable AWS SSM-based discovery on Windows machines, repeat steps 2-5 for the glide.discovery.ssm.enable_windows property.

    What to do next

    Define fallback root behavior using the mid.discovery.aws_ssm.linux.fallback_root_user property or create non-root credentials to execute Discovery commands using the AWS SSM Instance Users [aws_ssm_instance_user_credentials] table. For more information, see Enable root fallback and Configure custom user credentials.