Hi everyone,
I’m trying to use AWS Systems Manager RunCommand to execute commands on my EC2 instances.
Here’s the situation:
- I can successfully connect to my instances via SSM Session Manager, so the SSM agent is working and the instance is managed.
- The instance has an IAM role with the following policies:
AmazonSSMManagedInstanceCoreAmazonSSMFullAccessCloudWatchAgentServerPolicy
- Despite that, every time I try to run a command from SSM → RunCommand, it fails with AccessDenied.
- I also created an IAM role for myself with those same permissions and switched to it, but the issue remains.
SSM agent logs show successful registration
RunCommand status: Failed → Detailed Status: “Access Denied”
I’m unable to view my own user’s permissions due to iam:ListAttachedUserPolicies being denied
What could be the problem? Is there anything else I’m missing – trust policy, instance profile refresh, or session permissions?
Thanks in advance!
Hi @Nikola97,
I think we need the ssm:SendCommand permission in this case. Are you working in a lab environment or just practicing in the KodeKloud playground? If it’s a lab or KKE task, please share the lab link or the course level and task name. I’ll take a closer look.
Hello @raymond.baoly ,
I am just practicing a KodeKloud playground.
I am able to use the session manager function of SSM, but not able to use run command function.
I suppose there is a permission missing on kk_user acc, but not able to check.
Hi @Nikola97,
I’m also having this problem with Playground. I’ll look into it more to find the root cause and keep you updated.
"I can test it on my personal account where it seems to work fine. The issue might be that the playground account doesn’t have enough permissions. I’ll look into it further and share my findings with the team to see if we can update it.
1 Like
Hi @Nikola97,
I think the root cause is that the playground user is missing the ssm:SendCommand permission. I’ve passed this on to the team to look into it.
Hello @raymond.baoly
Do you have an update on this? Did you add this permission to playground user?
Thank you in advance!
Hi @Nikola97,
Just a reminder to the team, there’s no new update yet
Hello @raymond.baoly do you have an update on this? Thank you!
Hello @raymond.baoly do you have an update on this? Thank you!
Hi @Nikola97,
The team is working on fixing the issue. I’ll let you know as soon as the playground is updated.
Hi @raymond.baoly @mumshadgmail @mmumshad
It’s now been 50 days since this issue was first reported and acknowledged, and unfortunately there is still no resolution. I really appreciate your initial support and communication, but I must say I’m quite disappointed that it’s taking this long to add a simple permission in the playground environment, especially given how fundamental SSM RunCommand is for practicing AWS skills.
I hope the team can prioritize this soon, as it’s affecting the practical value of the KodeKloud playground for AWS learners like myself. Thank you for your understanding.
Hi @Nikola97,
Thank you for your honest feedback, it’s completely understandable, and we truly appreciate your patience.
While the change may seem simple on the surface, the team has been working on it carefully as it touches shared infrastructure and could potentially impact other services in the Playground environment. To avoid unintended side effects, the fix is currently under review and testing.I’ve flagged the issue again with the team for further prioritization.
Thanks again for bearing with us, we really value your input and will keep you updated.
