Executing a Command with SSM Run Command
You can run commands on EC2 instances using the Commands page in the Amazon EC2 console. You can also execute commands using the CLI, or programmatically using the SSM API. For more information, see the Amazon EC2 Simple Systems Manager API Reference.
The commands available to you depend on the permissions your administrator specified for you. Any command that begins with AWS-* uses a pre-defined SSM document provided by AWS. A developer or administrator can create additional documents and provision these for you based on your permissions. For more information, see Creating SSM Documents.
Important
Only trusted administrators should be allowed to use Amazon pre-configured documents. The commands or scripts specified in SSM documents run with administrative privilege on your instances because the Amazon SSM agent runs as root. If a user has permission to execute any of the pre-defined SSM documents (any document that begins with AWS-*), then that user also has administrator access to the instance. For all other users, you should create restrictive documents and share them with specific users.
Run Command includes the following pre-configured SSM documents.
Amazon Pre-configured SSM documents for Linux
| Name | Description |
|---|---|
|
AWS-RunShellScript |
Run shell scripts |
|
AWS-UpdateSSMAgent |
Update the Amazon SSM agent |
