This article explores the process of running commands on EC2 instance remotely. AWS Systems Manager is a Management Tool that enables you to gain operational insights and take action on AWS resources safely and at scale. AWS Systems Manager is an always free tier product. The EC2 instance you create in this tutorial is free tier eligible.
So, let’s begin with creating an EC2 instance first.
Step 1: Create an EC2 Instance
The first step is to create an EC2 instance that will be managed by AWS System Manager.
1. Login to your AWS account. Select AWS EC2 service and click on Launch Instance.
2. Select the Amazon Machine Image(AMI). You have to select Amazon Linux base AMI dated 2017.09 or later which includes the Systems Manager Agent by default. ( We have used the 2018.03 version here)
3. Now choose your instance type. To avoid any charges for this experiment, we can use the instance type t2 micro which is available in the free tier. Click on Review and Launch.
4. On the next page, In the IAM role dropdown choose the EnablesEC2ToAccessSystemsManagerRole role you created earlier. Choose Review and Launch.
5. After reviewing the details of your instance carefully, click on launch.
6. Next, generally you have to add a key pair to your EC2 instance, but you will not need a key-pair to use Systems Manager to remotely run commands. From the Choose an existing pair dropdown choose To proceed without a key pair and tick the checkbox stating: I acknowledge that. Next select Launch Instance.
Step 2: Create an Identity and Access Management (IAM) role
In order to create a role that will use AWS System Manager, we will have to create one IAM role configured for the same. For creating an IAM role follow these basic steps.
1. Open the IAM console at https://console.aws.amazon.com/iam
2. At the left, click on Roles, and then click on Create Role.
3. On the next page, choose EC2, and then click on Next: Permissions.
4. On the next page, a search bar will appear in which type AmazonEC2RoleforSSM, a policy list will appear click on the AmazonEC2RoleforSSM policy and click on next: Tags
5. Tags are optional, if you don’t want to add tags click on next. After this, a review page will appear where you have to type in the role name and role description. After reviewing click on create role.
Step 3: Run System Manager
1. Open System Manager service on AWS console. On the right side column under Instances and Nodes click on Managed Instance.
2. On the Managed instances page, in the Actions drop-down select Run Command.
3. On the Run a command page, click in the search bar and select Document name prefix, then click on Equal, then type in AWS-UpdateSSMAgent. Now click the button on the left of AWS-UpdateSSMAgent. This document upgrades the Systems Management agent on that instance.
4. Scroll down to the Targets panel and click the checkbox next to your managed EC2 instance.
5. Scroll down and select Run.
Next, you will see a page documenting the command that you provided being actively run and overall success in green.