Run Commands On An EC2 Instance With AWS Systems Manager

If you are a System administrator and assigned a task to upgrade the packages for one application running on an EC2 instance, but due to some security restrictions, you are not permitted to access production instances via SSH or bastion host. In this situation, you can use AWS Systems Manager to remotely run shell scripts or certain commands to update packages on EC2 instances.

In this blog, we will cover everything you need to know about AWS Systems Manager and how to use it!

What is AWS System Manager and how does it work?
Benefits of System Manager
Who can use AWS Systems Manager?
Hands-on – Run commands remotely on an EC2 Instance using AWS Systems Manager
Conclusion

How does it work?

AWS Systems Manager provides its users visibility and control of their infrastructure on AWS. It has a unified user interface so one can view operational data from multiple AWS services and lets the user automate operational tasks across AWS resources.

What are its benefits?

Quick problem detection
Hybrid Environment Management
Easy Automation
Security and Compliance Maintenance
Improve Visibility and Control

Who can use AWS Systems Manager?

The key feature of System Manager is to make multiple roles can be performed easily. Hence, this service can be used by:

System administrators
Software developers
Security architects
Cloud architects
IT professionals who would like to manage AWS resources.

Hands-On

In this a scenario wherein you are assigned tasks by your team to upgrade the packages for your application running on your EC2 instances. Due to some security restrictions, you are not permitted to directly access your production instances via SSH and are not even allowed to use the bastion hosts. In this situation let’s use Amazon Systems Manager to remotely run your shell scripts or certain commands to update packages on your EC2 instances.

Step 1: Create an Identity and Access Management (IAM) role.
Step 2: Create an EC2 instance.
Step 3: Update the Systems Manager Agent.
Step 4: Upgradation process via the Fleet Manager dashboard.
Step 5: Run a Remote Shell Script.

Click on “Roles” under the “Access management” section on the left navigation pane.

Click on “Create role” to create a new role. You will use this role to give Amazon Systems Manager permission to perform actions on your instances.

Search for the “AmazonEC2RoleForSSM” policy and click on the checkbox to add the policy to the role.

Once done, click on “Next: Review” and enter a name for the newly created role and description

On creation of the role, you can type in the role name in the search bar on the Roles dashboard to verify if the role has been created successfully.

We will create an EC2 instance using the role that we created above. This will help us create a managed EC2 instance that will be managed by the Amazon Systems Manager.

Navigate to the Amazon EC2 console and ensure that the preferred region is selected in which you want to create your instance.

EC2 Dashboard console and click on “Launch instance” to launch a new managed instance in your preferred region.

Choose and Amazon Machine Image (AMI), select “Amazon Linux 2 AMI (64-bit)” and click on “Select”

Select Instance Type and Key Pair.

Next, you need to ensure that your have select a subnet has the “Enable auto-assign public IPv4 address” enabled. This is to be ensured since you will have to connect to your EC2 instance. Without the public IPv4 address, you will not be allowed to connect to your instance.

Note: Make sure the SSM agent is installed on your EC2 instance.

Scroll down and for the “IAM role”, select the role you created

Once done, click on “Launch Instances”.

You will see the newly created instance in the list shown below.

Once the “Instance State” changes to the “Running” state, select the newly created instance and click on “Actions”. Select “Connect” from the dropdown.

click on “Connect” to connect to your EC2 instance.

A new terminal console will open in a new tab as shown below.

Check the status of SSM Agent "sudo systemctl status amazon-ssm-agent"

Once you have an EC2 instance running the Systems Manager agent,

Navigate to the Amazon Systems Manager console on AWS.

Click on “Fleet Manager” under the “Node Management” section in the left navigation pane.

To automate the upgradation, click on “Account Management” and then, click on “Auto-update SSM agent”.

Click on “Auto-update SSM agent” and after a few minutes, the update will be automated for any existing or new instances you create.

Click on “Run Command” under the “Node Management” section in the left navigation pane.

Now, click on “Run command” to upgrade the SSM-agent manually.

Now, click on the radio button on the left of “AWS-UpdateSSMAgent”. This is known as the document and this will upgrade the Systems Management agent on the selected instance.

Once done, scroll down to the “Targets” section on the same page and select the radio button on the left of “Choose instances manually”

Scroll down and click on “Run” to execute the document.

You will see the “Overall Status” as “In Progress”.

After a few minutes, hit refresh and the status will change to “Success”.

After a few minutes, hit refresh and the status will be updated to “Success” on successful completion of execution of the command.

Now, to run a remote shell script for upgrading any packages on your EC2 instance, navigate back to the “Run Command” dashboard in Amazon Systems Manager and click on “Run Command”.

select the radio button on the left of “Choose instances manually” enter command parametes

After a few minutes, hit refresh and the status will be updated to “Success” on successful completion of execution of the command.

Verify httpd package installed or not.

Conclusion:

In this blog, we have explored that AWS Systems Manager has the ability to automate tasks and helps in keeping all our EC2 instances healthy, and applications managed, secure, and updated.

Site Terms, Privacy, and more.