Manage Amazon EC2 Instances Remotely
You can use the Simple Systems Manager (SSM) Run Command feature to securely and remotely manage the configuration of your Amazon EC2 instances. Run Command provides a simple way of performing common administrative tasks without having to log on locally to the instance desktop. You can manage configuration changes across a fleet of instances by simultaneously executing commands on multiple instances. Run Command reports the status and results of each command.
Note
For information about SSM Run Command for Windows, see Manage AWS EC2 Instances Remotely in the Amazon EC2 User Guide for Microsoft Windows Instances. For information about the SSM Run Command API, see Amazon EC2 Simple Systems Manager API Reference.
Here are some examples of the types of tasks you can perform with Run Command:
- Run shell scripts
- Add users or groups and configure permissions
- View all running services
- Stop or start services
- View system resources
- View log files
- Perform file operations
- Install or uninstall applications
Using Amazon EC2 Run Command
Run Command uses pre-defined SSM documents. You determine the changes you want to make on the instance and select the pre-defined SSM document to perform the operation. For example, you can use the AWS-RunShellScript document to execute shell scripts on an instance.
When you execute a command, the agent on the instance uses the AWS Identity and Access Management (IAM) role to access the Run Command service. The Amazon SSM agent running on the instance processes the command, configures the instance as specified, and logs the output and results. Run Command stores the command history for 30 days. The information is also stored in AWS CloudTrail and remains available until you delete the data. For more information, see Auditing API Calls in the Amazon EC2 Simple Systems Manager API Reference.
Sending Commands
When you send a command, Run Command attempts to execute the command once. You can send multiple commands at the same time. Commands execute asynchronously. The system manages the queuing, execution, cancellation, and reporting of each command. However, the order of command execution is not guaranteed. By default, Run Command uses throttle limits to ensure that no more than 60 commands are issued per minute per instance. If an instance is not running or is unresponsive when you execute a command, the system queues the command and attempts to run it when the instance is responsive. By default, the system queues a command and attempts to run it for up to 31 days after the request. For more information about command status, see Monitoring Commands.
Using IAM, you can control which commands a user or group of users can perform on one or more instances. For more information about restricting access to Run Command, see Delegating Access to SSM Run Command.
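Because Run Command calls are recorded in AWS CloudTrail and access is meant to be limited through IAM, the trail can be reviewed for SendCommand calls that fall outside what you have approved. The following Python sketch is an added example, not part of the original guide or AWS code; the CloudTrail records, account ID, user names, instance IDs, and the allowlists are constructed for illustration.

```python
import json

# Constructed CloudTrail records (not real log data). Field names follow the
# CloudTrail record format for the SSM SendCommand API call.
SAMPLE_TRAIL = json.loads("""{"Records": [
 {"eventTime": "2016-03-01T10:00:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops-admin"},
  "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0aaa1111"]}},
 {"eventTime": "2016-03-01T10:05:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
  "requestParameters": {"documentName": "Example-CustomDoc", "instanceIds": ["i-0bbb2222"]}},
 {"eventTime": "2016-03-01T10:07:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand", "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
  "requestParameters": null},
 {"eventTime": "2016-03-01T10:09:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
  "requestParameters": {}}
]}""")["Records"]

# Assumed allowlists: who may send commands, and with which SSM documents.
ALLOWED_PRINCIPALS = {"arn:aws:iam::111122223333:user/ops-admin"}
ALLOWED_DOCUMENTS = {"AWS-RunShellScript"}

def audit_send_command(records, allowed_principals, allowed_documents):
    """Return one finding per SendCommand call that breaks the allowlists or was denied."""
    findings = []
    for rec in records:
        if (rec.get("eventSource"), rec.get("eventName")) != ("ssm.amazonaws.com", "SendCommand"):
            continue  # not a Run Command invocation
        params = rec.get("requestParameters") or {}  # may be null on failed calls
        principal = (rec.get("userIdentity") or {}).get("arn", "unknown")
        document = params.get("documentName")
        reasons = []
        if principal not in allowed_principals:
            reasons.append("unapproved principal")
        if document is not None and document not in allowed_documents:
            reasons.append("unapproved document")
        if rec.get("errorCode"):
            reasons.append("denied: " + rec["errorCode"])
        if reasons:
            findings.append({"time": rec.get("eventTime"), "principal": principal,
                             "document": document, "reasons": reasons,
                             "instances": params.get("instanceIds", [])})
    return findings

if __name__ == "__main__":
    for f in audit_send_command(SAMPLE_TRAIL, ALLOWED_PRINCIPALS, ALLOWED_DOCUMENTS):
        print(f["time"], f["principal"], f["document"], f["instances"], "; ".join(f["reasons"]))
```

Denied calls are reported as well as successful ones, since a failed SendCommand from a principal outside the allowlist shows someone probing permissions they were not delegated.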
Contents
- SSM Run Command Prerequisites
- Configuring IAM Roles and Users for SSM Run Command
- Configuring the SSM Agent
- Delegating Access to SSM Run Command
- Executing a Command with SSM Run Command
- Viewing Command Output in the Amazon EC2 Console
- Creating Your Own Command
- SSM Run Command Walkthroughs
- Cancelling a Command
- Monitoring Commands
- Troubleshooting SSM Run Command

