AWS EC2 Run Command Enhancements for Greater Control and Reliability through Automation

Austin DevOps and Security AWS

Automating common administrative tasks to improve workload reliability and decrease potential risk is a common theme our consultants at Flux7 help our clients with. Doing so simplifies administration, encourages security through consistency and helps improve control over users and permissions. Amazon launched EC2 Run Command in October 2015 to help attain these benefits.

Specifically, EC2 Run Command provides a simple way of automating common administrative tasks like installing software or patches, running shell commands, performing operating system changes, managing local groups and users, altering configuration files and more in Windows instances. Two months later, in December 2015, they released the same feature for Linux instances.

Run Command allows users to execute commands at scale and provides visibility into the results, making it easy to manage instances. Run Command is accessible through the Commands page in the Amazon EC2 console or through the AWS CLI.

In May 2016, AWS updated the Run Command service to make it even better. Let’s walk through the new features:

  1. Document Management & Sharing
    A command document is a JSON file that includes the information (description and explanation) about the command you want to run. If you have any command documents which you execute using EC2 Run Command, you can now manage and share them. This lowers the chance of errors and variability in your system.


    By clicking on a document, you can examine its function and parameters before running it. You can also share it publicly or privately with other AWS accounts.
  1. Additional Predefined Commands
    The Command document menu contains several predefined commands, along with any custom commands that users have created for their accounts:


    Linux

    AWS-RunShellScript
    to run shell scripts
    AWS-UpdateSSMAgent to update the Amazon SSM agent
     
    Windows

    AWS-JoinDirectoryServiceDomain to join an AWS Directory
    AWS-RunPowerShellScript to run PowerShell commands or scripts
    AWS-UpdateEC2Config to update the EC2Config service
    AWS-ConfigureWindowsUpdate to configure Windows Update settings
    AWS-InstallApplication to install, repair, or uninstall software using an MSI package
    AWS-InstallPowerShellModule to install PowerShell modules
    AWS-ConfigureCloudWatch to configure Amazon CloudWatch Logs to monitor applications and systems
     
    However, many AWS customers use Run Command to maintain and administer EC2 instances that are running Microsoft Windows. Therefore, AWS has added four new commands designed to simplify and streamline some common operations:

    AWS-ListWindowsInventory
    to collect information about an EC2 instance running in Windows.
    AWS-FindWindowsUpdates to scan an instance and determine which updates are missing.
    AWS-InstallMissingWindowsUpdates to install missing updates on your EC2 instance.
    AWS-InstallSpecificWindowsUpdates to install one or more specific updates.
  2. Linux Open Source SSM Agent
    Run Command makes use of an agent (amazon-ssm-agent) that runs on each instance. The agent uses SSM documents. When you execute a command, the agent on the instance processes the document and configures the instance as specified.

    amazon-ssm-agent is available for all Windows builds but for specific Linux distributions:


    Amazon Linux AMI (64 bit) – 2015.09, 2015.03, 2014.09, and 2014.03.
    Ubuntu Server (64 bit) – 14.04 LTS, 12.04 LTS
    Red Hat Enterprise Linux (64 bit) – 7.x
You can now download the source code for the Linux version of the agent here https://github.com/aws/amazon-ssm-agent.  And if you’d like to delve deeper into how AWS EC2 Run Command can play a role in your greater cloud strategy, reach out to us today. Our AWS experts would be happy to walk you through our award-winning assessment to pinpoint how AWS-based DevOps can benefit your organization.
 

Did you find this useful?  

Interested in getting tips, best practices and commentary delivered regularly? Click the button below to sign up for our blog and set your topic and frequency preferences.

Sign Me Up!

About the Author

Flux7 Labs
Find me on:

Join Us

Join thousands of technology enthusiasts, subscribe and get expert perspective in your inbox.

Connect With Us