Run Commands through EC2 Systems Manager

Run Commands through EC2 Systems Manager

July 17, 2017 4 By Eric Shanks

In a previous post we covered the different capabilities and basic setup of EC2 Systems Manager, including the IAM roles that needed to be created and the installation of the SSM Agent. In this post we’ll focus on running some commands through the EC2 Systems Manager Console.

We’ve already got an Amazon Linux instance deployed within our VPC. I’ve placed this instance in a public facing subnet and it is a member of a security group that allows HTTP traffic over port 80.

Let’s deploy Apache and setup a very basic web server on this instance, but assume that we don’t have direct access to the instance. We can do this through EC2 Systems Manager and the Run Command capability. Here we can see my Linux Instance that I’ve tagged EC2SSM-Linux1, the security group is named WebServers, and we have a public IP Address. Click the “Run Command” link in the left hand corner of the screen.

On the Run a command screen, you can see a list of different types of command documents that can be used. Notice that they show you which platform they can be run on where some are Windows only, some are Linux only and some run on both. This screen will let you run docker commands, deploy packages, install updates and run scripts like we’ll do. I picked the AWS-RunShellScript for my machine.

Next, we need to specify which instance this command will run on. This is really nice because you can select an instance manually or by tags. You can see already how easy it is to manage multiple machines in this manner. We could deploy Apache on 50 servers all with a “Web” tag if we wanted to. For the purposes of this example though, a single instance will do so I’ll select my EC2-SSM-Linux1 instance. Note that you can also specify how many instances to run this command on at a time or a percentage and you can specify a number of errors to stop the process after.

In the command window I’ve entered some commands that installs Apache and downloads my very basic web files before starting the apache service. Lastly I added a comment for the command so I can identity it in the Run Command console.

Once you get through the sections above, you’ll have an advanced options section which would allow you to grab the commands to use as part of the awscli tool. This is a really nice way for you to populate your git repo with some infrastructure as code stuff.


After the command is executed you’ll see it listed in the Run Command console.

If you’ve been following along since the initial setup post, you’ll also remember that I setup CloudWatch Events for the Run Command that pushed the info to an SNS topic that notifies me via email. I got an email with the details in it as well. This was an optional setup task.

If we check the public IP Address of our instance, we will hopefully see our web page displayed, all without logging into our instance.


This was a pretty basic example of how you can use the Run Command capability within the EC2 Systems Manager service but should give you a ton of ideas about how you can use it to manage your environment.