AWS Config Rule: SSM Document Not Public
SSM_DOCUMENT_NOT_PUBLIC
Ryan Ware
Last Update 7 maanden geleden
Description: Checks if AWS Systems Manager documents owned by the account are public. This rule is NON_COMPLIANT if SSM documents with owner 'Self' are public.
Trigger type: Periodic
AWS Region: All supported AWS regions except Israel (Tel Aviv), Canada West (Calgary) Region
How to Resolve Manually
To resolve this manually, you will first need to head on over to your AWS Systems Manager Dashboard within the AWS Console. From here, use the left hand side menu to find Documents.
To decrease the scope of the listed Documents, click on the tab which is called "Owned By Me". This will remove all AWS SSM Documents from the view and focus on only SSM Documents you have owned and available.
Once here, click on one of your SSM Documents. Of the tabs now showing, click "Details" for an overview of the Documents' parameters, attachments, permissions and so on. We're interested in the Permissions part here, as this section will list whether your SSM Document is current public or private.
If your SSM Document is currently showing as NON_COMPLIANT due to it being publicly available, here you are given the chance to rectify this by changing the scope of the permissions to Private and pressing Save.
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here
