To scan AWS EC2(Linux) instances leveraging AWS SSM, you require AWS IAM user credentials(Access key ID, Secret access key) having the following permissions:
- ssm:SendCommand
- ssm:ListCommandInvocations
- ssm:DescribeInstanceInformation
To create an AWS user account with the required permissions for SSM-based scans, you can refer to Create AWS SSM Service Account for Scanning Linux Endpoints.