Hi,
AWS Systems Manager does exactly what you need here. Please follow Walkthrough: Use the AWS CLI with Run Command step by step and you'll easily be able to run what you want on the EC2 machine through SSM.
Here below is how you would do it:
- Attach an IAM role to the instance: the EC2 instance should have an IAM role with the policy AmazonSSMFullAccess. This enables the instance to communicate with the Systems Manager API.
- Install SSM Agent: install the SSM Agent on the EC2 instance. The SSM Agent processes the Run Command requests and configures the instance as per the command.
- Run the command through the CLI, something like the following:

```
aws ssm send-command --document-name "AWS-RunShellScript" --comment "running processes" --instance-ids "Instance-ID" --parameters commands="ps -ef" --region us-east-1 --output text
```
If you don't want to do it this way, you can always SSH to the EC2 instance; then you are technically on the EC2 instance and can run whatever you need.
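As an added example (not from this thread and not AWS's own code), here is the procedure above done end to end in one script, assuming AWS CLI v2 is configured and the caller supplies the instance id and region: it first checks that the instance is an online SSM managed instance (send-command returns InvalidInstanceId "not in a valid state" when it is not), sends all steps in a single command, and polls for the result.

```shell
#!/bin/sh
# Added example (not from the thread): run one shell script on an EC2 instance
# through SSM Run Command and collect its output. Assumes AWS CLI v2 is
# configured; the instance id and region are given by the caller.
set -eu
# Parameters for AWS-RunShellScript. All steps go in ONE send-command call:
# every call starts a fresh shell, so "cd /" in one call does nothing for
# "ls" in the next. Root is taken with sudo on the command itself; an
# interactive "sudo su" never returns without a TTY.
build_params() {
  printf '{"commands":["cd /","sudo ls -la"]}'
}

# get-command-invocation statuses after which polling must stop.
is_terminal_status() {
  case "$1" in
    Success|Cancelled|TimedOut|Failed) return 0 ;;
    *) return 1 ;;   # Pending, InProgress, Delayed, Cancelling
  esac
}

# True only if the instance is registered with SSM and its agent is online.
# Otherwise send-command fails with InvalidInstanceId ("not in a valid state").
instance_online() {  # $1 = instance id, $2 = region
  ping=$(aws ssm describe-instance-information --region "$2" \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformationList[0].PingStatus' --output text)
  [ "$ping" = "Online" ]
}

run_on_instance() {  # $1 = instance id, $2 = region
  instance_online "$1" "$2" || { echo "$1 is not an online managed instance" >&2; return 1; }
  cmd_id=$(aws ssm send-command --region "$2" --instance-ids "$1" \
    --document-name "AWS-RunShellScript" --parameters "$(build_params)" \
    --query 'Command.CommandId' --output text)
  st=Pending
  while ! is_terminal_status "$st"; do
    sleep 2   # the invocation may not exist for a moment after send-command
    st=$(aws ssm get-command-invocation --region "$2" --command-id "$cmd_id" \
      --instance-id "$1" --query 'Status' --output text 2>/dev/null || echo Pending)
  done
  aws ssm get-command-invocation --region "$2" --command-id "$cmd_id" --instance-id "$1" \
    --query '[Status,StandardOutputContent,StandardErrorContent]' --output text
  [ "$st" = "Success" ]
}

# Usage: sh run_via_ssm.sh i-0123456789abcdef0 us-east-1   (constructed placeholder id)
if [ $# -eq 2 ]; then run_on_instance "$1" "$2"; fi
```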
ec2-instance-connect is less flexible compared to the ssh command. With the ssh command you can run your commands line by line or pipe them to the ssh command, but you cannot do that with EC2 Instance Connect. To see how to connect to your EC2 instance using ssh, you can look here.
The EC2 instance I made is configured with a VPC, Subnet, and Security Group with permissions (All traffic) for SSH, and a User with the necessary permissions to interact with the private EC2. I tried to establish a connection via ssh from the command line (ssh -i "keypair.pem" ec2-user@myipprivado) and it doesn't connect? The Key Pair has chmod 400 permissions and the connection path is correct. I don't know why I can't establish a connection with the instance?
In my root account, I assign the permission (AmazonSSMFullAccess) to a certain private user.
Inside the .sh file I defined command for:
Note: After I establish the connection with the EC2 instance by viewing the access via the terminal, I notice that the Linux command embedded in the AWS CLI has not been executed? Below is the sequence of the command lines (AWS) embedded in the Linux shell script file: ...

```
# Connect to an instance using the instance ID and an EC2 Instance Connect Endpoint
aws ec2-instance-connect ssh --instance-id $instance_id --connection-type eice --region us-east-1
aws ssm send-command --instance-ids $instance_id --document-name "AWS-RunShellScript" --parameters '{"commands":["sudo su"]}' --region us-east-1 --output text
aws ssm send-command --instance-ids $instance_id --document-name "AWS-RunShellScript" --parameters '{"commands":["cd /"]}' --region us-east-1 --output text
aws ssm send-command --instance-ids $instance_id --document-name "AWS-RunShellScript" --parameters '{"commands":["ls"]}' --region us-east-1 --output text
```

0v0 (Remembering that the SSM Agent was successfully installed and is running as a service.)
Hey John, you should use aws ec2-instance-connect send-ssh-public-key instead of just ssh. Refer to cli-aws-ec2-instance-connect.
After installing the SSM Agent on EC2, I did exactly what you listed here and it worked absolutely fine for me.

```
aws ec2-instance-connect send-ssh-public-key --instance-id $instance_id --instance-os-user ec2-user --availability-zone us-east-1d --ssh-public-key file:///Users/abc/.ssh/id_rsa.pub --region us-east-1 --profile <awscli_profile_name>
aws ssm send-command --instance-ids $instance_id --document-name "AWS-RunShellScript" --parameters '{"commands":["sudo su"]}' --region us-east-1 --profile <awscli_profile_name> --output text
aws ssm send-command --instance-ids $instance_id --document-name "AWS-RunShellScript" --parameters '{"commands":["cd /"]}' --region us-east-1 --profile <awscli_profile_name> --output text
aws ssm send-command --instance-ids $instance_id --document-name "AWS-RunShellScript" --parameters '{"commands":["ls"]}' --region us-east-1 --profile <awscli_profile_name> --output text
```
Let me know how it works for you.
I tried and got the following message:

```
Connecting to Account (AWS). . . Connection established to account ( AWS ).
{ "RequestId": "xxxxxxxxxxxxxxxxxxxxx", "Success": true }

An error occurred (InvalidInstanceId) when calling the SendCommand operation: Instances [[i-xxxxxxxxxxxxxxxxxx]] not in a valid state for account xxxxxxxxxxxxxxxxxx
```