• The AWS Systems Manager CloudWatch Dashboard will no longer be available after April 30, 2026. Customers can continue to use Amazon CloudWatch console to view, create, and manage their Amazon CloudWatch dashboards, just as they do today. For more information, see [Amazon CloudWatch Dashboard documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html). 

# Managing OS user accounts and groups on managed nodes using Fleet Manager
<a name="fleet-manager-manage-os-user-accounts"></a>

You can use Fleet Manager, a tool in AWS Systems Manager, to manage operating system (OS) user accounts and groups on your managed nodes. For example, you can create and delete users and groups. Additionally, you can view details like group membership, user roles, and status.

**Important**  
Fleet Manager uses Run Command and Session Manager, tools in AWS Systems Manager, for various user management operations. As a result, a user could grant permissions to an operating system user account that they would otherwise be unable to. This is because AWS Systems Manager Agent (SSM Agent) runs on Amazon Elastic Compute Cloud (Amazon EC2) instances using root permissions (Linux) or SYSTEM permissions (Windows Server). For more information about restricting access to root-level commands through SSM Agent, see [Restricting access to root-level commands through SSM Agent](ssm-agent-restrict-root-level-commands.md). To restrict access to this feature, we recommend creating AWS Identity and Access Management (IAM) policies for your users that only allow access to the actions you define. For more information about creating IAM policies for Fleet Manager, see [Controlling access to Fleet Manager](configuring-fleet-manager-permissions.md).

**Topics**
+ [Creating an OS user or group using Fleet Manager](manage-os-user-accounts-create.md)
+ [Updating user or group membership using Fleet Manager](manage-os-user-accounts-update.md)
+ [Deleting an OS user or group using Fleet Manager](manage-os-user-accounts-delete.md)

# Creating an OS user or group using Fleet Manager
<a name="manage-os-user-accounts-create"></a>

**Note**  
Fleet Manager uses Session Manager to set passwords for new users. For Amazon EC2 instances, the instance profile attached to your managed instances must provide permissions for Session Manager to use this feature. For more information about adding Session Manager permissions to an instance profile, see [Add Session Manager permissions to an existing IAM role](getting-started-add-permissions-to-existing-profile.md).

Instead of logging on directly to a server to create a user account or group, you can use the Fleet Manager console to perform the same tasks.

**To create an OS user account using Fleet Manager**

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. In the navigation pane, choose **Fleet Manager**.

1. Choose the button next to the managed node you want to create a new user on.

1. Choose **View details**.

1. Choose **Tools, Users and groups**.

1. Choose the **Users** tab, and then choose **Create user**.

1. Enter a value for the **Name** of the new user.

1. (Recommended) Select the check box next to **Set password**. You will be prompted to provide a password for the new user at the end of the procedure.

1. Select **Create user**. If you selected the check box to create a password for the new user, you will be prompted to enter a value for the password and select **Done**. If the password you specify doesn't meet the requirements specified by your managed node's local or domain policies, an error is returned.

**To create an OS group using Fleet Manager**

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. In the navigation pane, choose **Fleet Manager**.

1. Choose the button next to the managed node you want to create a group in.

1. Choose **View details**.

1. Choose **Tools, Users and groups**.

1. Choose the **Groups** tab, and then choose **Create group**.

1. Enter a value for the **Name** of the new group.

1. (Optional) Enter a value for the **Description** of the new group.

1. (Optional) Select users to add to the **Group members** for the new group.

1. Select **Create group**.

# Updating user or group membership using Fleet Manager
<a name="manage-os-user-accounts-update"></a>

Instead of logging on directly to a server to update a user account or group, you can use the Fleet Manager console to perform the same tasks.

**To add an OS user account to a new group using Fleet Manager**

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. In the navigation pane, choose **Fleet Manager**.

1. Choose the button next to the managed node where the user account exists that you want to update.

1. Choose **View details**.

1. Choose **Tools, Users and groups**.

1. Choose the **Users** tab.

1. Choose the button next to the user you want to update.

1. Choose **Actions, Add user to group**.

1. Choose the group you want to add the user to under **Add to group**.

1. Select **Add user to group**.

**To edit an OS group's membership using Fleet Manager**

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. In the navigation pane, choose **Fleet Manager**.

1. Choose the button next to the managed node where the group exists that you want to update.

1. Choose **View details**.

1. Choose **Tools, Users and groups**.

1. Choose the **Groups** tab.

1. Choose the button next to the group you want to update.

1. Choose **Actions, Modify group**.

1. Choose the users you want to add or remove under **Group members**.

1. Select **Modify group**.

# Deleting an OS user or group using Fleet Manager
<a name="manage-os-user-accounts-delete"></a>

Instead of logging on directly to a server to delete a user account or group, you can use the Fleet Manager console to perform the same tasks.

**To delete an OS user account using Fleet Manager**

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. In the navigation pane, choose **Fleet Manager**.

1. Choose the button next to the managed node where the user account exists that you want to delete.

1. Choose **View details**.

1. Choose **Users and groups**.

1. Choose the **Users** tab.

1. Choose the button next to the user you want to delete.

1. Choose **Actions, Delete local user**.

**To delete an OS group using Fleet Manager**

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. In the navigation pane, choose **Fleet Manager**.

1. Choose the button next to the managed node where the group exists that you want to delete.

1. Choose **View details**.

1. Choose **Tools, Users and groups**.

1. Choose the **Group** tab.

1. Choose the button next to the group you want to update.

1. Choose **Actions, Delete local group**.