

EC2 Run Command feature automates server management

Unlock the power of the relatively unknown EC2 Run Command to consolidate server management in the data center and on EC2 instances.

The Amazon EC2 service has a hidden gem: a feature that enables a developer to remotely run commands and scripts on one or more servers. Not only does it work for EC2 instances, but it also automates commands on local servers.

The EC2 Run Command feature is a powerful automation tool for the AWS platform. So, it's important to know how to use it to create consistency across cloud-based and on-premises workloads.

To get started, install an agent on Elastic Compute Cloud (EC2) instances or on-premises servers. Next, run predefined or custom-built commands and scripts on servers to install software, update OS configuration, perform diagnostics or gather configuration information. Execute commands on multiple servers from a single location in the AWS Management Console, which also displays whether each command succeeded or failed, along with its output.

It's not hard to combine the EC2 Run Command feature with existing workloads. Follow these steps to install an application on an existing instance running on AWS.

Configure an IAM Role

EC2 Run Command is part of the EC2 Simple Systems Manager (SSM) suite of tools and services. Grant EC2 instances permission to call the SSM API to process commands and scripts invoked from the EC2 console. Create an AWS Identity and Access Management (IAM) role with required permissions, and assign that role to the instances. To do this, follow these steps:

  1. From the AWS console home screen, click on the IAM shortcut under Security, Identity, and Compliance to navigate to the IAM console.
  2. In the IAM console, click on Roles.
  3. Click on the Create new role button.
  4. Under Select role type, click on Amazon EC2.
  5. On the Attach Policy screen, select the AmazonEC2RoleforSSM policy and then click Next Step.
  6. On the final screen, give the role a name, such as SSMRole, and click Create role.

Install the SSM Agent

After you create the IAM role, install the SSM agent. When creating new EC2 instances, associate the IAM role established in the last step with the instance. Configure the instance to run a user data script that installs the SSM agent when the server boots up.

In this example, I'll launch a new instance in the console using the Amazon Linux machine image.

Figure 1. Set the IAM role (SSMRole) for the EC2 instance. Configure the instance to associate it with the necessary IAM role.

Under Advanced Details, configure a user data script to download and install the SSM agent during instance launch, as shown in Figure 2. AWS offers several versions of the SSM agent to match different OS needs.

Figure 2. Configure the bootstrapping script for the EC2 instance. This script downloads and installs the SSM agent when creating an instance.

Send a command in the EC2 console

After deploying the instance, you can execute commands remotely from the EC2 console. Scroll to the bottom of the left-hand side of the console, and click on the Run Command button within Systems Manager Services.

The system will prompt you to select a command document. There are several built-in command documents that perform common tasks, such as configuring Docker on a Linux instance or joining a Windows instance to an Active Directory domain. In this example, let's run a custom script using the AWS-RunShellScript document.

Next, select the instance to run the script against. Choose EC2 instances that have the SSM agent running and have the IAM permissions to communicate with the SSM API (Figure 3). It's possible to select multiple instances on this screen to run commands in parallel against a fleet of servers.

Figure 3. Manually select which instances will run AWS-RunShellScript. EC2 instances must run the SSM agent and have IAM permissions to run the script.

After selecting the instance, scroll down to the Commands field, and input a single command or multiline script. In this example, I'll use the Yellowdog Updater, Modified (yum) package manager to install an Apache web server, as shown in Figure 4.

Figure 4. Input a command to run on the instance. In this example, the developer runs the yum package manager on an EC2 instance.

Finally, click on the Run button at the bottom of the screen. After executing the command, you can view the progress in real time in the EC2 Run Command console. Select View Output to see any output a command returns.
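
The same steps (check which instances are registered, send AWS-RunShellScript, view the output) can be driven from the AWS CLI. The script below is an added example, not part of the original article. It assumes a configured AWS CLI, and the instance ID and the `yum install -y httpd` line are placeholders, since the article's exact command appears only in Figure 4.

```shell
#!/bin/sh
# Added example (not from the article): Run Command via the AWS CLI.
# Assumes a configured AWS CLI; instance ID and yum command are placeholders.

# Build the JSON "commands" parameter for AWS-RunShellScript, one script line
# per argument. Escapes backslashes and double quotes; arguments are assumed
# to be single lines without control characters.
ssm_parameters() {
  out='{"commands":['
  sep=''
  for line in "$@"; do
    esc=$(printf '%s' "$line" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    out="$out$sep\"$esc\""
    sep=','
  done
  printf '%s]}' "$out"
}

# List instances that have registered with SSM (agent running, IAM role attached).
managed_instances() {
  aws ssm describe-instance-information \
    --query 'InstanceInformationList[].[InstanceId,PingStatus]' --output text
}

# Send the script to one instance, wait for it to finish, then print its
# status, standard output and standard error.
run_on_instance() {
  instance_id=$1; shift
  command_id=$(aws ssm send-command \
    --document-name "AWS-RunShellScript" \
    --instance-ids "$instance_id" \
    --parameters "$(ssm_parameters "$@")" \
    --query 'Command.CommandId' --output text) || return 1
  # The waiter exits non-zero when the command fails; still fetch the result.
  aws ssm wait command-executed \
    --command-id "$command_id" --instance-id "$instance_id" || true
  aws ssm get-command-invocation \
    --command-id "$command_id" --instance-id "$instance_id" \
    --query '[Status,StandardOutputContent,StandardErrorContent]' --output text
}

# Usage: SSM_EXAMPLE_RUN=1 sh run-command.sh i-0123456789abcdef0
if [ "${SSM_EXAMPLE_RUN:-0}" = 1 ]; then
  managed_instances
  run_on_instance "$1" 'yum install -y httpd'
fi
```

An instance that is missing from the `managed_instances` output has not registered with SSM, which usually points back to the IAM role or agent installation steps above.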
