EC2 Run Command Update – Hybrid and Cross-Cloud Management
We launched EC2 Run Command late last year (read my post, New EC2 Run Command – Remote Instance Management at Scale to learn more). This feature was designed to allow developers, system administrators, and other IT professionals to easily and efficiently manage multiple EC2 instances running Windows or Linux. As I explained in my original post, you can simply choose the desired command, select the desired instances by attributes, tags, or keywords, and then run the command on the selected instances. EC2 Run Command provides access to the output of the command and also retains a log so that you can see which commands were run on which instances. Last month we made EC2 Run Command even more useful by giving you the ability to create, manage, and share command documents with your colleagues or with all AWS users.
Our customers have taken a liking to EC2 Run Command and are making great use of it. Here are a few of the use cases that have been shared with us:
- Create local users and groups.
- Scan for missing Windows updates and install them.
- Install all applicable Windows updates.
- Manage (start, stop, restart) services.
- Install packages and applications.
- Access local log files.
Hybrid and Cross-Cloud Management
Many AWS customers also have some servers on-premises or on another cloud, and have been looking for a single, unified way to manage their hybrid environment at scale. In order to address this very common use case, we are now opening up Run Command to servers running outside of EC2.
We call these external servers Managed Instances. You can install the AWS SSM Agent on your external servers, activate the agent on each server, and then use your existing commands and command documents to manage them (you can also create new documents, of course).
The agent runs on the following operating systems:
- Windows Server (32 and 64 bit) – 2003-2012, including R2 versions (more info).
- Linux (64 bit) – Red Hat Enterprise Linux 7.1+, CentOS 7.1+ (more info).
If you run a virtualized environment using VMware ESXi, Microsoft Hyper-V, KVM or another hypervisor, you can install the agent on the guest operating system(s) as desired.
For simplicity, the agent needs nothing more than the ability to make HTTPS requests to the SSM endpoint in your desired region. These requests can be direct, or can be routed through a proxy or a gateway, as dictated by your network configuration. When the agent makes a request to AWS, it uses an IAM role to access the SSM API. You’ll set up this role when you activate your first set of servers.
The agent sends some identifying information to AWS. This information includes the fully qualified host name, the platform name and version, the agent version, and the server’s IP address. All of these values are stored securely within AWS, and will be deleted if you choose to unregister the server at some point in the future.
Setting up Managed Instances
The setup process is simple and you should be up and running pretty quickly. Here are the steps:
- Open up the EC2 Console, locate the Commands section, and click on Activations to create your first activation code. As part of this process the Console will prompt you to create the IAM role that I described above:
- Enter a description for the activation, choose a limit (you can activate up to 1000 servers at a time), set an expiration date, and assign a name that will help you to track the Managed Instances in the Console, then click on Create Activation:
- Capture the Activation Code and the Activation ID:
- Install the SSM Agent on the desired servers, and configure it using the values that you saved in the previous step. You simply download the agent, install it, and then enter the values, as detailed in the installation instructions.
- Return to the console and click on Managed Instances to verify that everything is working as expected:
Running Commands on Managed Instances
Now that your instances are managed by AWS, you can run commands on them. For example:
The status of the commands, along with the output, is available from the Console:
To learn more, read Manage Amazon EC2 Instances Remotely.
This feature is available now and you can start using it today in all AWS Regions where Run Command is available (see the Run Command page for details). I am looking forward to hearing how you have put it to use in your environment; leave me a comment and let me know how it works out for you!