Running Commands Using AWS Systems Manager: A Step-by-Step Guide

AWS Systems Manager (formerly known as AWS SSM) is an AWS service used to view and control AWS infrastructure. It provides a solution to automate the operational tasks for Amazon instances. It lets engineers manage the configuration of the managed instances remotely and securely. AWS System Manager is an AWS service that helps in maintaining the servers. You can automate the process and perform desired tasks on the servers without logging into the system.

Having several servers seems to be a great way for efficient utilization. But the maintenance of the servers can be tedious enough to put a huge overall cost. The engineers must log in to the machines, list the patches, select, and install the same. This sounds to be easy, but it becomes cumbersome when a bunch of machines must be maintained. It would take more time and is a manual task affecting the performance. Additionally, this may also cause manual errors like, missing instances, missing packages during the process and creating issues.

The AWS Systems Manager is a powerful tool with varied capabilities categorized into operational management, application management, change management, node management, shared resources.
Today we will focus on the ‘Run Command’ targeted to simplify operational management tasks.

Run Command: 

It is a capability of the AWS Systems manager that allows you to remotely maintain and manage the servers. Managed servers are servers that have been configured for use by SSM service.

With Run Command, we can perform:

• Adhoc exceptions. and
• one-time configuration changes

Follow the guide below for a demo on how to use the Run command.

Prerequisites: 

You will need an AWS Account to begin with. If you are new to AWS or do not have an account, you can create one using this link:

https://aws.amazon.com/free/

Here is a step-by-step guide to use the run command:  

 Create an IAM role for EC2-SSM: 

1. Go to IAM Dashboard in AWS Console
   https://console.aws.amazon.com/iam/home?region=us-east-2  
   
   
2. Click on Roles on the left pane and click Create role
   
   
   
3. Choose the AWS Service (EC2) and click next permissions
   
   
4. Choose AmazonSSMFullAccess and click on next
   
   
5. Give a name for the role and Click Create role
   
   

Create Instances with the above roles attached:

1. Go to EC2 Dashboard in AWS
2. Click on Launch Instance, Choose the ubuntu AMI (ami-0b9064170e32bde34)
3. In Instance type, choose T2.micro and click on next

   
   

4. In Instance Configure, let the instance count by 1.In the IAM role, choose the role you created in the previous task
   
   
5. Keep default values for storage and move to the next stage.
6. Add tags to the Instance
   
   
7. Review and Create the instance.

Create a VPC Endpoint: 

1. Go to VPC Console,
2. Choose Endpoints towards the left pane
   
   
3. Click on Create Endpoint
   
4. Choose Service Category: AWS Service and select the Servicecom.a
   mazonaws.us-east-2.ssm
   
   
   
5. Choose the VPC, subnet to which you want to create an endpoint
6. Click on create Endpoint
   
   
   

Create a run command and execute the command:

1. Go to System manager console
2. Towards the left pane, choose the Run Command Service
   
   
3. Click on the Run command
   
   
4. Choose the Command Document that is compatible with the type of end servers ( Linux / windows)In this demo,  We are using Linux servers, so I choose AWS-ConfigureAWSPackage
   

5. Scroll down, in command parameters,
   a. Action, (install)
   b. Installation type:
   c. Name: Provide the valid Package name ( eg: AmazonCloudWatchAgent, AwsEnaNetworkDriver)
   
   
6. Targets: there are 3 ways you can identify the end servers:
   a. By specifying tags
   b. Manually choosing
   c. Choosing the resource GroupClick on Choose instance manually
   
   
7. In the output options, Uncheck, enable S3 output
   
   
8. Click on the run command.
   
   You will notice the execution of the command.
   
   
   
   
9. Verify:
   
   sudo systemctl start amazon-cloudwatch-agent sudo systemctl status amazon-cloudwatch-agent

   1 2	sudo systemctl start amazon-cloudwatch-agent sudo systemctl status amazon-cloudwatch-agent

Hope this blog has shed light on the uses of ‘run command’, and how it can be used to manage and maintain the servers. It can be used to perform patch updates to the servers without SSH into the machine easily and securely.
To learn more about managing infrastructure on AWS, then here is a step-by-step guide for you.

Feel free to drop any queries and our team of experts will get back to you very soon.

Cheers!