arbabnazar/SSMAccess.json

## SSMAccess.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeSessions",
                "ssm:GetConnectionStatus",
                "ssm:DescribeInstanceProperties",
                "ec2:DescribeInstances",
                "ssm:StartSession"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ReadAlltheSSMThings",
            "Effect": "Allow",
            "Action": [
                "ssm:Get*",
                "ssm:Describe*",
                "ssm:List*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "SameUserTerminate",
            "Effect": "Allow",
            "Action": "ssm:TerminateSession",
            "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"
        },
        {
            "Sid": "DenySMtoProd",
            "Effect": "Deny",
            "Action": "ssm:StartSession",
            "Resource": [
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "StringLike": {
                    "ssm:resourceTag/Environment": "Prod"
                }
            }
        }
    ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"ssm:DescribeSessions",
	"ssm:GetConnectionStatus",
	"ssm:DescribeInstanceProperties",
	"ec2:DescribeInstances",
	"ssm:StartSession"
	],
	"Resource": "*"
	},
	{
	"Sid": "ReadAlltheSSMThings",
	"Effect": "Allow",
	"Action": [
	"ssm:Get*",
	"ssm:Describe*",
	"ssm:List*"
	],
	"Resource": "*"
	},
	{
	"Sid": "SameUserTerminate",
	"Effect": "Allow",
	"Action": "ssm:TerminateSession",
	"Resource": "arn:aws:ssm:::session/${aws:username}-*"
	},
	{
	"Sid": "DenySMtoProd",
	"Effect": "Deny",
	"Action": "ssm:StartSession",
	"Resource": [
	"arn:aws:ec2:::instance/*"
	],
	"Condition": {
	"StringLike": {
	"ssm:resourceTag/Environment": "Prod"
	}
	}
	}
	]
	}