Managing AWS Services with Systems Manager – RUN Command

Managing AWS Services

Sometimes as a systems administrator, it is imperative to make changes to configurations of your Ec2 servers. These critical jobs can become tough especially when the number of servers you manage is high, and you must not omit even a single server. It is going to be a time taking process to log on to each server and modify the changes. AWS Systems Manager Run Command lets you execute commands on your Ec2 instances at scale without having you to log onto the servers. Let us say that you need to install a particular software in 250 Linux Ec2 instances, we cannot allocate a resource dedicated for logging on to every instance to have the software installed. Thanks to AWS Systems Manager RUN Command which will let you do the task remotely at one go and at the same time maintaining an audit log on who performed what action and when. For the RUN command to work, the instances must be managed by AWS Systems Manager, please see my previous blog on how to make the ec2 instances as Systems manager managed instances.The RUN command also needs a document which is a series of steps executed in sequence.  A document defines the configurations for your systems. Documents can be of two types a) pre-defined and b) custom-defined.

All common tasks such as installing software, configuring CloudWatch or running shell or PowerShell scripts, etc. can be found in pre-defined documents. A Command consists of a document, a set of targets, and run-time parameters that we pass.

Let us see an example of running a shell script command to install httpd service on 5 Linux instances.

Now assuming that you have an SSM agent running on your instances and an IAM role attached to the Ec2 instances which gives them permissions to communicate with the Systems Manager Service. Next we go to systems manager dashboard from AWS console and select RUN Command. We need to select an appropriate document to execute the commands and in this scenario, we select AWS-RunShellScript as our document.

Below that you will see a text editor kind of interface where you give the actual commands that you wanted to be executed. Here I want to install httpd service on all the 5 servers.

As for targets, I would like to utilize the tagging feature of AWS as it makes it easy to distinguish between the instances especially if there are so many of them. In this example I have selected instances which are tagged under Prod as I want only the Prod instances to have this service to be installed and then I hit RUN button.

Viola…! I have successfully installed httpd service in all the 5 instances without even logging into them.

Further you can have the options like sending the output to an S3 bucket, have an SNS notification of the status sent to your phone or via an email. Or you can simply see the output right away on Run command console by clicking on the instance ID and expanding the Output option.

Thank you for reading, Did you or your organisation try implementing this?, We here at Dataevolve have expertise in various technologies and can help you with automating your infrastructure and provide managed services. If you have anything to add please send a response or add a note!

Happy Savings on your TCO 💰!


    Start a project

    If you want to get a free consultation without any obligations, fill in the form below and we'll get in touch with you.