AWS SSM User Guide

overview using aws systems manager (ssm) command scripts, you can control and automate your aws resources in this guide, you will learn how to connect and run ssm commands from your zixi broadcaster steps follow these steps to initiate ssm commands from within zen master step 1 update aws iam policy with the feb 2026 release of zen master, the aws iam policy has been updated to include authorization for ssm sign in to zen master in the left navigation, hover over configuration and select amazon aws in the top tabs, select documentation for the policy document json file , select the copy icon to the right of step 3 this latest set of permissions allows zen master to trigger ssm documents create an iam role for zen master sign in to your aws iam console select the policies page either update an existing policy or create a new policy using the copied permissions if you are creating a new policy and role, follow the steps in the zen master documentation tab step 2 create a role with ssm agent next, create a role with the ssm agent installed return to your aws iam console select roles and then create role select ec2 in the add permissions screen, search for ssm select the ssm agent amazonssmmanagedinstancecore click next in the name, review, and create screen , enter the following role name description leave the default trust policy and permissions click create role view your new role and copy the instance profile arn step 3 apply the role to your cluster now, you can apply the aws role to your zen master broadcaster cluster return to zen master in the left navigation, select broadcasters select a broadcaster cluster and click edit broadcaster cluster find the instance profile arn field and paste in your value from the new role you created in aws insert instance profile arn click save you can now initiate an ssm document from a broadcaster within this cluster step 4 create an ssm document in the aws iam console, you will create an aws systems manager (ssm) command document in aws, go to the aws systems manager in the left navigation, select documents expand the create document button and select command or session in the document details screen, enter the following name target type aws ec2 instance content json – update with your script here’s an example script that you can try this example returns 'hello' whether the instance is running linux or windows { "schemaversion" "2 2", "description" "a simple document to echo hello to the command line ", "mainsteps" \[ { "action" "aws\ runshellscript", "name" "echohellolinux", "precondition" { "stringequals" \[ "platformtype", "linux" ] }, "inputs" { "runcommand" \[ "echo 'hello'" ] } }, { "action" "aws\ runpowershellscript", "name" "echohellowindows", "precondition" { "stringequals" \[ "platformtype", "windows" ] }, "inputs" { "runcommand" \[ "write output 'hello'" ] } } ] } click create document step 5 initiate ssm document from zen master your new ssm document will now appear as an option to select in zen master return to your cluster in zen master edit a broadcaster within the cluster in the top right, select the kabob menu and select run ssm command run ssm command option expand available ssm scripts you should see your new ssm document in the list select your new ssm document click run ssm command run ssm command in the ssm command output window, you will see the command line output on the instance note that only the last 10 lines of output are displayed in the output window ssm command output if you want to write the output to an s3 bucket, you can do this in aws within your ssm document coming soon, you will be able to write the output to an s3 bucket from zen master