Re: invoke ssm automation from ec2 in private subnet


Hi,

Can we invoke SSM Automation from a .sh script running on an EC2 instance in a private subnet? If this is possible, we can avoid creating a gateway endpoint for each region to update the DynamoDB table as well as to perform S3-related operations.

I am thinking that if the SSM Agent is able to talk to the SSM service, we could leverage the SSM Agent somehow to trigger SSM Automation to execute a .py script that performs the DDB- and S3-related operations.

Regards

1 Answer

Hello.

If you are running EC2 in a private subnet, you can use Systems Manager functionality by creating a NAT Gateway or a VPC endpoint as described in the document below.
However, if you are accessing S3 or DynamoDB from EC2, you will also need to create a VPC endpoint for S3 or DynamoDB.
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

Also, if you are running Automation, I think it is possible to call it from Lambda or EventBridge Scheduler instead of from EC2, so you may want to consider using this.
https://docs.aws.amazon.com/systems-manager/latest/userguide/running-automations-event-bridge.html

EXPERT
answered 5 months ago
  • Hello, thanks for the response. I want to run a sh script to perform admin functions on EC2. So I have a master sh script which is invoked by SSM Run Command; the master script then downloads the actual script from S3 and passes control to that script, and at the end updates DDB to store the status.

    I am thinking that if the SSM Agent is able to talk to the SSM service, then it should be possible to execute SSM Automation from AWS CLI commands within EC2.

    I searched additionally; there is a command to execute or invoke SSM Automation, and I am going to try that.

    The purpose is to avoid the gateway endpoint, as it is region-specific, and the interface endpoint has a cost.

  • To use the ssm run command to run scripts in EC2, EC2 must be registered as a managed instance in Systems Manager. To register as a managed instance, SSM Agent must be able to communicate with Systems Manager, so if you are running EC2 in a private subnet, you will need to configure a NAT Gateway or VPC endpoint.
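The endpoint set the answer describes, as an added example that is not from the thread or from AWS: the three interface endpoints SSM Agent needs (ssm, ssmmessages, ec2messages) behind a security group that only admits HTTPS from inside the VPC, plus gateway endpoints for S3 and DynamoDB. The VPC, subnet, route-table IDs and CIDR are constructed placeholders; it assumes AWS CLI v2 with credentials that may create endpoints.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Creates the VPC endpoints a
# private-subnet instance needs for SSM Run Command / Automation plus S3
# and DynamoDB. All IDs below are constructed placeholders; override via env.
set -eu

REGION="${REGION:-us-east-1}"
VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"
SUBNET_IDS="${SUBNET_IDS:-subnet-PLACEHOLDER}"        # private subnets, space-separated
ROUTE_TABLE_IDS="${ROUTE_TABLE_IDS:-rtb-PLACEHOLDER}" # route tables of those subnets
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"

# SSM Agent talks to ssm, ssmmessages and ec2messages (interface endpoints);
# S3 and DynamoDB use gateway endpoints, which carry no hourly charge.
INTERFACE_SERVICES="ssm ssmmessages ec2messages"
GATEWAY_SERVICES="s3 dynamodb"

# Fully qualified endpoint service name for a short name in the current region.
service_name() { printf 'com.amazonaws.%s.%s\n' "$REGION" "$1"; }

# Endpoint type for a short service name: Gateway for s3/dynamodb, else Interface.
endpoint_type() {
  case "$1" in s3|dynamodb) echo Gateway ;; *) echo Interface ;; esac
}

create_endpoints() {
  # One security group that only admits HTTPS from addresses inside the VPC.
  sg_id=$(aws ec2 create-security-group --region "$REGION" --vpc-id "$VPC_ID" \
    --group-name ssm-endpoints --description "HTTPS to SSM endpoints" \
    --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$sg_id" \
    --protocol tcp --port 443 --cidr "$VPC_CIDR"

  for svc in $INTERFACE_SERVICES; do
    # Private DNS keeps the agent and the CLI on the regular service hostnames.
    aws ec2 create-vpc-endpoint --region "$REGION" --vpc-id "$VPC_ID" \
      --vpc-endpoint-type "$(endpoint_type "$svc")" --service-name "$(service_name "$svc")" \
      --subnet-ids $SUBNET_IDS --security-group-ids "$sg_id" --private-dns-enabled
  done
  for svc in $GATEWAY_SERVICES; do
    aws ec2 create-vpc-endpoint --region "$REGION" --vpc-id "$VPC_ID" \
      --vpc-endpoint-type "$(endpoint_type "$svc")" --service-name "$(service_name "$svc")" \
      --route-table-ids $ROUTE_TABLE_IDS
  done
}

# Only call AWS when explicitly asked, so sourcing the file has no side effects.
if [ "${1:-}" = "apply" ]; then create_endpoints; fi
```

Run it as `REGION=... VPC_ID=... SUBNET_IDS="..." ROUTE_TABLE_IDS="..." ./endpoints.sh apply`; the instance role still needs the ssm:StartAutomationExecution, S3 and DynamoDB permissions for the master script's own calls.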
