Remotely Run Commands on an EC2 Instance

Indrachapa
5 min read · Aug 24, 2021

In this article, I’m going to discuss how to use AWS Systems Manager to remotely run commands on EC2 instances.

Step 1: Create an identity and access management role (IAM role)

Go to the IAM console at https://console.aws.amazon.com/iamv2/home?#/home. Click on Roles under Access management on the navigation pane. Then choose Create Role.

You will then be directed to the Select type of trusted entity page. Under AWS service, choose the service that will use this role; in our case it's EC2. Then click Next: Permissions.

Here we are going to attach a permissions policy to our IAM role. On the Attached permissions policy page, type AmazonEC2RoleforSSM and select it. Then click Next: Tags.

You can use tags to organize, track, or control access for this role by adding a new key and a value for it. Then click Next: Review.

Here we are going to add a name and description to our IAM role. You can add:

Role name: EnablesEC2ToAccessSystemsManagerRole

Role description: Enables an EC2 instance to access Systems Manager (or you can put another description that describes the role)

Then click Create role.

Step 2: Create an EC2 instance.

Now we are going to create an EC2 instance using the IAM role we created in Step 1. Open the EC2 console and choose Launch instance. You will be directed to choose an Amazon Machine Image (AMI); select Amazon Linux 2 AMI. This machine image is free tier eligible. Later on, we will also need the Systems Manager Agent (SSM Agent) running on the EC2 instance. SSM Agent is preinstalled, by default, on the following Amazon Machine Images (AMIs):

  • Amazon Linux
  • Amazon Linux 2
  • Amazon Linux 2 ECS-Optimized Base AMIs
  • macOS 10.14.x (Mojave) and 10.15.x (Catalina)
  • Ubuntu Server 16.04, 18.04, and 20.04
  • Windows Server 2008–2012 R2 AMIs published in November 2016 or later
  • Windows Server 2016 and 2019

After that, choose t2.micro as your instance type, then click Next: Configure Instance Details.

Now we are going to configure the instance details. In the IAM role dropdown, select the EnablesEC2ToAccessSystemsManagerRole role we created earlier. Leave everything else at its default. Then click Review and Launch.

Then choose Launch to launch your instance. The Select an existing key pair or create a new key pair dialog box will appear. You do not need a new or existing key pair to run commands remotely with Systems Manager, so you can choose Proceed without a key pair. Don't forget to tick the I acknowledge that… check box. Next, click Launch instance to launch it.

Step 3: Update the Systems Manager Agent

In the top search bar, search for Systems Manager to open the Systems Manager console.

Then choose Fleet Manager under Node management on the navigation pane. It will show you the managed instances you have.

Then go to Run Command under Node management. Click the Run command button.

To complete the process here is what you have to do:

1: On the Command document panel, click in the search bar and select Document name prefix, then click Equals, and type AWS-UpdateSSMAgent. The filter will then read Document name prefix: Equals: AWS-UpdateSSMAgent. Don't forget to click the radio button of the document suggested by the search.

2: Scroll down to the Targets panel.

Click Choose instances manually. Then click the checkbox suggested in the panel.

Then scroll down and click Run. Next, you will see the overall status Success in green. You have just run your first remote command using Systems Manager.

Step 4: Run a Remote Shell Script

In this step, we are going to run a shell script through Run Command. Again, go to Run Command under Node management and click Run command. Then:

1: On the Command document panel, click in the search bar and select Document name prefix, then click Equals, and type AWS-RunShellScript. The filter will then read Document name prefix: Equals: AWS-RunShellScript. Click the radio button of the document suggested by the search.

2: Scroll down to the Targets panel.

Click Choose instances manually. Then click the checkbox suggested in the panel.

3: Scroll up to the Command parameters panel and insert the following command in the Commands text box.

sudo yum update -y

Finally, scroll down and click the Run button. Wait until the overall status turns to Success. Then, on the Targets and outputs panel, click the instance ID and click View output. Then click on the Output panel to view the output of the command from the instance.

And we are done! Now we have successfully created a managed EC2 instance and remotely run a command using Systems Manager.
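Step 4, together with the Fleet Manager check from Step 3, can also be driven from the AWS CLI. The script below is an added example, not part of the original article: it validates the instance ID, confirms the instance is an online managed node, sends the command through AWS-RunShellScript, and prints its output. The function names and the INSTANCE_ID variable are assumptions, as is a configured AWS CLI whose credentials are allowed to call Systems Manager.

```sh
#!/bin/sh
# Added example (not from the article): Step 4 via the AWS CLI.
# Function names are hypothetical; assumes a configured AWS CLI.

# Accept only well-formed instance IDs: "i-" plus 8 or 17 lowercase hex digits.
valid_instance_id() {
  case "$1" in i-*) ;; *) return 1 ;; esac
  _hex=${1#i-}
  case "$_hex" in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#_hex}" -eq 8 ] || [ "${#_hex}" -eq 17 ]
}

# Build the --parameters JSON for AWS-RunShellScript from one single-line
# command, escaping backslashes and double quotes inside the JSON string.
build_params() {
  _esc=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"commands":["%s"]}' "$_esc"
}

# CLI counterpart of the Fleet Manager check: is SSM Agent reporting Online?
is_managed_online() {
  _status=$(aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformationList[0].PingStatus' --output text)
  [ "$_status" = "Online" ]
}

# Send the command, wait for it to finish, then print its standard output.
run_remote() {
  _id=$1
  valid_instance_id "$_id" || { echo "bad instance id" >&2; return 2; }
  is_managed_online "$_id" || { echo "not an online managed node" >&2; return 3; }
  _cid=$(aws ssm send-command --document-name "AWS-RunShellScript" \
    --instance-ids "$_id" --parameters "$(build_params "$2")" \
    --query 'Command.CommandId' --output text) || return 4
  aws ssm wait command-executed --command-id "$_cid" --instance-id "$_id" || return 5
  aws ssm get-command-invocation --command-id "$_cid" --instance-id "$_id" \
    --query 'StandardOutputContent' --output text
}

# Runs only when INSTANCE_ID is set, e.g. INSTANCE_ID=i-... sh run_remote.sh
if [ -n "${INSTANCE_ID:-}" ]; then
  run_remote "$INSTANCE_ID" "sudo yum update -y"
fi
```

The waiter polls for a limited time only, so a long-running update can make run_remote return 5 even though the command is still executing on the instance.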

Important: Terminate EC2 and related resources. Not terminating resources can result in a charge.
