DEV Community

Ashish Gajjar for AWS Community Builders

Posted on • Edited on

Run Commands On An EC2 Instance With AWS Systems Manager

AWS Systems Manager provides configuration management, which helps you maintain consistent configuration of your Amazon EC2 or on-premises instances.

If you are a System administrator and assigned a task to upgrade the packages for one application running on an EC2 instance, but due to some security restrictions, you are not permitted to access production instances via SSH or bastion host. In this situation, you can use AWS Systems Manager to remotely run shell scripts or certain commands to update packages on EC2 instances.
In this blog, we will cover everything you need to know about AWS Systems Manager and how to use it!

  • What is AWS System Manager and how does it work?
  • Benefits of System Manager
  • Who can use AWS Systems Manager?
  • Hands-on – Run commands remotely on an EC2 Instance using AWS Systems Manager
  • Conclusion

How does it work?

AWS Systems Manager provides its users visibility and control of their infrastructure on AWS. It has a unified user interface so one can view operational data from multiple AWS services and lets the user automate operational tasks across AWS resources.

What are its benefits?

  • Quick problem detection
  • Hybrid Environment Management
  • Easy Automation
  • Security and Compliance Maintenance
  • Improve Visibility and Control

Who can use AWS Systems Manager?

The key feature of System Manager is to make multiple roles can be performed easily. Hence, this service can be used by:

  • System administrators
  • Software developers
  • Security architects
  • Cloud architects
  • IT professionals who would like to manage AWS resources.

Hands-On

In this a scenario wherein you are assigned tasks by your team to upgrade the packages for your application running on your EC2 instances. Due to some security restrictions, you are not permitted to directly access your production instances via SSH and are not even allowed to use the bastion hosts. In this situation let’s use Amazon Systems Manager to remotely run your shell scripts or certain commands to update packages on your EC2 instances.

  • Step 1: Create an Identity and Access Management (IAM) role.
  • Step 2: Create an EC2 instance.
  • Step 3: Update the Systems Manager Agent.
  • Step 4: Upgradation process via the Fleet Manager dashboard.
  • Step 5: Run a Remote Shell Script. Login to your AWS account on the AWS console and navigate to the IAM console to get started. Click on “Roles” under the “Access management” section on the left navigation pane. Image description Click on “Create role” to create a new role. You will use this role to give Amazon Systems Manager permission to perform actions on your instances. Image description Search for the “AmazonEC2RoleForSSM” policy and click on the checkbox to add the policy to the role. Image description Once done, click on “Next: Review” and enter a name for the newly created role and description Image description On creation of the role, you can type in the role name in the search bar on the Roles dashboard to verify if the role has been created successfully. Choose and Amazon Machine Image (AMI), select “Amazon Linux 2 AMI (64-bit)” and click on “Select” Image description We will create an EC2 instance using the role that we created above. This will help us create a managed EC2 instance that will be managed by the Amazon Systems Manager. Navigate to the Amazon EC2 console and ensure that the preferred region is selected in which you want to create your instance. Image description EC2 Dashboard console and click on “Launch instance” to launch a new managed instance in your preferred region. Image description Choose and Amazon Machine Image (AMI), select “Amazon Linux 2 AMI (64-bit)” and click on “Select” Image description Select Instance Type and Key Pair. Image description Next, you need to ensure that your have select a subnet has the “Enable auto-assign public IPv4 address” enabled. This is to be ensured since you will have to connect to your EC2 instance. Without the public IPv4 address, you will not be allowed to connect to your instance. Note: Make sure the SSM agent is installed on your EC2 instance. Image description Scroll down and for the “IAM role”, select the role you created Image description Once done, click on “Launch Instances”. Image description You will see the newly created instance in the list shown below. Image description Once the “Instance State” changes to the “Running” state, select the newly created instance and click on “Actions”. Select “Connect” from the dropdown. Image description click on “Connect” to connect to your EC2 instance. Image description A new terminal console will open in a new tab as shown below.

Image description
Check the status of SSM Agent "sudo systemctl status amazon-ssm-agent"

Image description

Once you have an EC2 instance running the Systems Manager agent,
Navigate to the Amazon Systems Manager console on AWS.
Image description
Click on “Fleet Manager” under the “Node Management” section in the left navigation pane.
To automate the upgradation, click on “Account Management” and then, click on “Auto-update SSM agent”.
Image description
Click on “Auto-update SSM agent” and after a few minutes, the update will be automated for any existing or new instances you create.
Image description
Click on “Run Command” under the “Node Management” section in the left navigation pane.
Image description
Now, click on “Run command” to upgrade the SSM-agent manually.
Image description
Now, click on the radio button on the left of “AWS-UpdateSSMAgent”. This is known as the document and this will upgrade the Systems Management agent on the selected instance.
Image description
Once done, scroll down to the “Targets” section on the same page and select the radio button on the left of “Choose instances manually”
Image description
Scroll down and click on “Run” to execute the document.
Image description
You will see the “Overall Status” as “In Progress”.
Image description
After a few minutes, hit refresh and the status will change to “Success”.
Image description
After a few minutes, hit refresh and the status will be updated to “Success” on successful completion of execution of the command.
Image description
Now, to run a remote shell script for upgrading any packages on your EC2 instance, navigate back to the “Run Command” dashboard in Amazon Systems Manager and click on “Run Command”.
Image description
select the radio button on the left of “Choose instances manually” enter command parameters

#!/bin/bash
yum update -y 
yum install httpd -y
systemctl enable --now httpd.service

Enter fullscreen mode Exit fullscreen mode

Image description
After a few minutes, hit refresh and the status will be updated to “Success” on successful completion of execution of the command.
Image description
Verify httpd package installed or not.
Image description

Conclusion:

In this blog, we have explored that AWS Systems Manager has the ability to automate tasks and helps in keeping all our EC2 instances healthy, and applications managed, secure, and updated.

Top comments (0)