Your fleet management tool is a remote shell for the attacker
AWS Systems Manager can run a command as root on every instance at once. To an attacker with the right permission, that is not management, it is lateral movement across your whole fleet. Here is how, and the fix.
The tool you use to patch a thousand servers will, in the wrong hands, own a thousand servers.
What it is
AWS Systems Manager (SSM) Run Command executes commands on managed EC2 instances through the SSM agent, which runs as root on Linux and as SYSTEM on Windows. The agent polls the SSM service over its own outbound HTTPS connection, so no SSH key, no inbound port, and no credential stored on the box is involved: a principal with ssm:SendCommand issues a single SendCommand call, typically with the AWS-RunShellScript or AWS-RunPowerShellScript document, and the command runs on any or all enrolled instances in parallel, targeted by instance ID or by tag. In ATT&CK terms this is T1651 (Cloud Administration Command) used for T1021 (Remote Services) lateral movement.
Why it works
SSM is a legitimate management path, so the calls read as operations, not intrusion. Network controls do not help: nothing connects inbound to the instance, the agent fetches the command from the service. And the permission is easy to over-grant: it rides along in ssm:* and in broad managed policies such as AmazonSSMFullAccess, and ends up on automation and application roles that never needed it. One IAM permission reaches every enrolled instance, as root, in parallel. The blast radius is the entire fleet.
How to detect it
In CloudTrail, watch for SendCommand (Run Command) and StartSession (Session Manager, the interactive equivalent) from a principal that does not normally run SSM, especially with many instanceIds, tag-based targets (which reach every instance carrying the tag), or a document outside the ones your operators use. The CloudTrail event records the caller, the document name and the targets, but the parameters field is redacted, so the shell text itself is not in the event. For that, use the Run Command history (ListCommandInvocations and GetCommandInvocation), which shows exactly what ran where and how it exited; it is retained only for a limited time and holds only a truncated prefix of the output unless S3 or CloudWatch Logs output was configured for the command.
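The triage described above, as an added example that is not part of the original post: it reads newline-delimited CloudTrail events and flags SendCommand or StartSession calls from a principal outside an assumed fleet-operator baseline, with many explicit instance IDs, with tag-based targets, or with an unexpected document. The sample events are constructed to mirror the CloudTrail field layout for ssm.amazonaws.com; the operator role, document allowlist and threshold are assumptions to replace with your own.

```python
"""Triage CloudTrail events for out-of-profile or fleet-wide SSM command execution.

Added example for this page, not AWS code. The log lines are constructed to mirror
the CloudTrail field layout for ssm.amazonaws.com events; the baseline (which
principals operate the fleet, which documents they run) is an assumption to
replace with your own.
"""
import json
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed baseline for this account; replace with your own fleet operators.
FLEET_OPERATORS = {"arn:aws:iam::111122223333:role/FleetPatchRole"}
EXPECTED_DOCUMENTS = {"AWS-RunPatchBaseline", "AWS-UpdateSSMAgent"}
BROAD_TARGET_THRESHOLD = 5  # this many explicit instance IDs counts as fleet-wide


@dataclass
class Finding:
    event_id: str
    principal: str
    reasons: List[str] = field(default_factory=list)


def triage(event: dict) -> Optional[Finding]:
    """Return a Finding for a suspicious SendCommand/StartSession, else None."""
    if event.get("eventSource") != "ssm.amazonaws.com":
        return None
    name = event.get("eventName")
    if name not in ("SendCommand", "StartSession"):
        return None
    principal = event.get("userIdentity", {}).get("arn", "unknown")
    params = event.get("requestParameters") or {}
    reasons = []
    if principal not in FLEET_OPERATORS:
        reasons.append("principal is not a fleet operator")
    if name == "SendCommand":
        doc = params.get("documentName")
        if doc not in EXPECTED_DOCUMENTS:
            reasons.append(f"unexpected document {doc}")
        ids = params.get("instanceIds") or []
        if len(ids) >= BROAD_TARGET_THRESHOLD:
            reasons.append(f"{len(ids)} instances targeted explicitly")
        # Tag-based targets hit every instance carrying the tag: fleet-wide by construction.
        if params.get("targets"):
            reasons.append("tag-based targets")
    if not reasons:
        return None
    return Finding(event.get("eventID", "?"), principal, reasons)


def triage_log(lines: str) -> List[Finding]:
    """Run triage over newline-delimited JSON events."""
    findings = []
    for line in lines.splitlines():
        if line.strip():
            finding = triage(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample log (not real CloudTrail output). "parameters" is redacted,
# as CloudTrail does for SendCommand: the shell text is not in the event.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"eventID": "e1", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/FleetPatchRole"},
     "requestParameters": {"documentName": "AWS-RunPatchBaseline",
                           "instanceIds": ["i-0aaa1111", "i-0bbb2222"],
                           "parameters": "HIDDEN_DUE_TO_SECURITY_REASONS"}},
    {"eventID": "e2", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/WebAppTaskRole/i-0ccc3333"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "targets": [{"key": "tag:Env", "values": ["prod"]}],
                           "parameters": "HIDDEN_DUE_TO_SECURITY_REASONS"}},
    {"eventID": "e3", "eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/WebAppTaskRole/i-0ccc3333"},
     "requestParameters": {"target": "i-0ddd4444"}},
    {"eventID": "e4", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/FleetPatchRole"},
     "requestParameters": {}},
])


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.event_id, f.principal, "; ".join(f.reasons))
```

Run as-is it reports e2 (an application task role running AWS-RunShellScript against every instance tagged Env=prod) and e3 (the same role opening an interactive session), and stays quiet on the patch role's routine run. The instance-role-as-caller pattern in e2 is the one to care about: it is what a compromised workload looks like when it pivots through SSM.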
The fix that holds
Least-privilege ssm:SendCommand: grant it on specific document ARNs (the patch or agent-update documents your operators actually run, not AWS-RunShellScript for everyone) and on instance ARNs conditioned on ssm:resourceTag, so a role for one environment cannot reach another; apply the same scoping to ssm:StartSession. Keep ssm:* and AmazonSSMFullAccess off application and CI roles; the only principals that should hold SendCommand are the ones that operate the fleet. Require approvals for fleet-wide or ad hoc shell commands, send command output to a protected S3 bucket or CloudWatch Logs group that operators cannot delete from, and alert on SendCommand with many targets, tag-based targets, or an unexpected document.
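The weak grant beside the scoped one, as an added example that is not part of the original post: the two policies are written out as they would appear in IAM, and a deliberately simplified evaluator shows why the scoped version holds. SendCommand is authorised against the document and against every target instance, so a role allowed only AWS-RunPatchBaseline on Environment=staging instances cannot run a shell document on anything, nor patch a prod instance. The evaluator models only Allow/Deny, exact Action match, Resource ARN globs and a StringEquals condition on ssm:resourceTag; real IAM has far more rules, so verify real policies with the IAM policy simulator. Account IDs, instance IDs and tag values are placeholders.

```python
"""Weak versus scoped ssm:SendCommand grants, checked with a simplified IAM model.

Added example for this page, not AWS code. The evaluator models only what the point
needs: Allow/Deny, exact Action match, Resource ARN globs, and StringEquals on
ssm:resourceTag/<key>. Real IAM has many more rules (NotAction, permissions
boundaries, SCPs, other condition operators), so verify real policies with the IAM
policy simulator; account IDs, instance IDs and tag values here are placeholders.
"""
from fnmatch import fnmatchcase

# The over-broad grant: one permission, every document, every instance in the account.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "*"},
    ],
}

# The scoped grant, in the shape the SSM docs use for tag-based Run Command restriction:
# one statement names the only document this role may run, the other limits the
# instances it may run it on to those tagged Environment=staging. Both must match.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ssm:SendCommand",
            "Resource": "arn:aws:ssm:*:*:document/AWS-RunPatchBaseline",
        },
        {
            "Effect": "Allow",
            "Action": "ssm:SendCommand",
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {"StringEquals": {"ssm:resourceTag/Environment": "staging"}},
        },
    ],
}

# Placeholder resources for the checks below (AWS-owned documents have an empty account field).
SHELL_DOC = "arn:aws:ssm:us-east-1::document/AWS-RunShellScript"
PATCH_DOC = "arn:aws:ssm:us-east-1::document/AWS-RunPatchBaseline"
PROD_INSTANCE = ("arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa1111", {"Environment": "prod"})
STAGING_INSTANCE = ("arn:aws:ec2:us-east-1:111122223333:instance/i-0bbb2222", {"Environment": "staging"})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(statement, tags):
    """Only ssm:resourceTag/<key> StringEquals is modelled; any other key fails closed."""
    for key, wanted in statement.get("Condition", {}).get("StringEquals", {}).items():
        if not key.startswith("ssm:resourceTag/"):
            return False
        if tags.get(key[len("ssm:resourceTag/"):]) not in _as_list(wanted):
            return False
    return True


def _resource_allowed(policy, action, arn, tags):
    """Default deny; an explicit Deny wins over any Allow, as in IAM."""
    allowed = False
    for st in policy["Statement"]:
        if action not in _as_list(st["Action"]):
            continue
        if not any(fnmatchcase(arn, pattern) for pattern in _as_list(st["Resource"])):
            continue
        if not _condition_holds(st, tags):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def send_command_allowed(policy, document_arn, instances):
    """SendCommand touches the document and every target instance; each must be allowed."""
    if not _resource_allowed(policy, "ssm:SendCommand", document_arn, {}):
        return False
    return all(_resource_allowed(policy, "ssm:SendCommand", arn, tags) for arn, tags in instances)


if __name__ == "__main__":
    cases = [
        ("weak policy, shell on prod", WEAK_POLICY, SHELL_DOC, [PROD_INSTANCE]),
        ("scoped policy, shell on staging", SCOPED_POLICY, SHELL_DOC, [STAGING_INSTANCE]),
        ("scoped policy, patch on staging", SCOPED_POLICY, PATCH_DOC, [STAGING_INSTANCE]),
        ("scoped policy, patch on staging+prod", SCOPED_POLICY, PATCH_DOC, [STAGING_INSTANCE, PROD_INSTANCE]),
    ]
    for label, policy, doc, targets in cases:
        print(f"{label}: {'ALLOW' if send_command_allowed(policy, doc, targets) else 'DENY'}")
```

One caveat the code makes visible: the tag condition is only as strong as control over ec2:CreateTags on those instances. A principal who can retag a prod instance to Environment=staging walks straight through the instance statement, so tagging permissions belong in the same review as the SendCommand grant.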
Practice it
We built an SSM lateral-movement scenario in GraphLattice Range so teams learn why one IAM permission is a fleet-wide shell, and how to contain it.