Hands-On: AWS Systems Manager

Nivas DevSecOps
7 min read · Oct 10, 2024


Introduction

In this Medium story, we will explore the power of AWS Systems Manager and utilize some of the tools available within SSM. According to AWS documentation, AWS Systems Manager serves as the operations hub for AWS applications and resources, providing a secure end-to-end management solution for hybrid and multicloud environments, enabling secure operations at scale.

SSM encompasses various categories with different capabilities, including:

  • Application management
  • Change management
  • Node management
  • Operations management
  • Quick Setup
  • Shared resources

We will focus on Run Command located within Node Management. According to AWS documentation:

Run Command: Run Command, another capability of AWS Systems Manager, facilitates remote and secure management of the configuration of managed nodes. A managed node refers to any Amazon Elastic Compute Cloud (Amazon EC2) instance or non-EC2 machine in your hybrid and multicloud environment configured for Systems Manager. Run Command enables the automation of common administrative tasks and the execution of one-time configuration changes at scale.

It’s also important to know about the AWS Systems Manager Agent (SSM Agent). As per AWS documentation, SSM Agent is Amazon software that runs on Amazon EC2 instances, edge devices, on-premises servers, and virtual machines (VMs). It allows Systems Manager to update, manage, and configure these resources.

Prerequisites

Create an AWS account. I already have an AWS account, so I won’t be creating a new one.

Create 10 EC2 Instances with SSM Agent

1. In the AWS Console, go to the EC2 Dashboard and, from the left-hand side, choose Instances.

2. Click the Launch instance button.

3. From Name and tags, don’t provide a name for the instances. From Application and OS Images (Amazon Machine Image), choose Amazon Linux 2023. Instance type needs to be t2.micro. From Key Pair, choose Proceed without a key pair. From Network Settings select Create Security Group, UNSELECT Allow SSH traffic from and Select Allow HTTP traffic from the internet. Don't touch Configure storage. From Advanced details go to IAM instance profile and select Create new IAM profile.

4. A new window will open where we will create an IAM role containing a policy with enough permissions for the instance to be managed by SSM. Click the Create role button.

5. From Use case select EC2 and click the Next button.

6. Search for AmazonSSMManagedInstanceCore policy and select it. Click the Next button.

7. Name your role, add a description, and click the Create role button.

8. If you have successfully created your role, go back to Advanced details in EC2 and choose your role for IAM instance profile.

9. On the right-hand side, in the Number of instances field, enter the number of instances you want to launch. I will launch 4. Click the Create instance button.

10. My instances are now UP and RUNNING. The SSM Agent is automatically installed on instances because we are using Amazon Linux 2023.

Let’s summarize: We have launched 10 EC2 instances, leaving inbound port 80 open so that we can install Nginx later. We haven’t added SSH access to the instances, but we have attached a role for SSM. This allows us to install Nginx via Run Command through SSM.

Add Tags

1. Select the first instance, go to Tags, and then click the Manage tags button.

2. Enter the keys Name and Environment with the values MyDevInstance and Development. Then click the Save button. Repeat this step for the next 2 instances.

3. If you’ve completed everything correctly, the first 2 instances should look like this:

4. Select the next instance without tags and enter the keys Name and Environment with the values MyProdInstance and Production. Then click the Save button. Repeat this step for the next 2 instances.

5. If you’ve completed everything correctly, the instances should look like this:

Let’s summarize: Now that we have added tags to the instances, 5 instances are for the Development environment, and 5 are for the Production environment. It will be much easier for us to manage our instances with this tagging system.

Create Document in Systems Manager

1. Go to AWS Systems Manager and, from the left-hand side, under Shared Resources, select Documents.

2. Click the Create Document button and select Command and Session.

3. Create a new document with these document details:

  • Name: NginxInstall
  • Target type: /AWS::EC2::Instance
  • Document type: Command

In the Content section select YAML and paste the following code:

---
schemaVersion: "2.2"
description: Sample YAML template to install Nginx
parameters:
  Message:
    type: "String"
    description: "Welcome message"
    default: "Hello Friend"
mainSteps:
  - action: aws:runShellScript
    name: ConfigureNginx
    inputs:
      runCommand:
        - 'sudo yum install nginx -y'
        - 'sudo systemctl start nginx'
        - 'sudo systemctl enable nginx'
        - 'echo "{{Message}} from $(hostname -f)" > /usr/share/nginx/html/index.html'

4. Click the Create document button.

Let’s summarize: We have created a document containing the installation commands for Nginx. Now, we can execute this document through Run Command.
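Systems Manager substitutes {{Message}} into the echo line as plain text before the shell runs it, so a parameter without allowedPattern or allowedValues lets whoever starts the command decide what that line contains. The check below is an added example, not part of the original post: it flags such parameters in a Command document, using a constructed JSON rendering of NginxInstall; the allowedPattern value and all function and constant names are assumptions made for this example.

```python
import copy
import json
import re

# Constructed sample: the page's NginxInstall document as JSON (SSM accepts
# JSON or YAML), keeping only the script line that uses the parameter.
WEAK_DOC = json.loads(r"""
{
  "schemaVersion": "2.2",
  "parameters": {"Message": {"type": "String", "default": "Hello Friend"}},
  "mainSteps": [{
    "action": "aws:runShellScript",
    "name": "ConfigureNginx",
    "inputs": {"runCommand": [
      "sudo yum install nginx -y",
      "echo \"{{Message}} from $(hostname -f)\" > /usr/share/nginx/html/index.html"
    ]}
  }]
}
""")

# Same document with the parameter constrained (pattern is an assumed value).
HARDENED_DOC = copy.deepcopy(WEAK_DOC)
HARDENED_DOC["parameters"]["Message"]["allowedPattern"] = r"^[A-Za-z0-9 ,.!]{1,80}$"

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")
SCRIPT_ACTIONS = {"aws:runShellScript", "aws:runPowerShellScript"}

def unconstrained_params(doc):
    """Return sorted (step, parameter) pairs where a parameter is substituted
    into a script line but has neither allowedPattern nor allowedValues."""
    params = doc.get("parameters", {})
    findings = set()
    for step in doc.get("mainSteps", []):
        if step.get("action") not in SCRIPT_ACTIONS:
            continue
        lines = step.get("inputs", {}).get("runCommand", [])
        if isinstance(lines, str):  # e.g. runCommand: "{{ commands }}"
            lines = [lines]
        for line in lines:
            for name in PLACEHOLDER.findall(line):
                spec = params.get(name, {})
                if not spec.keys() & {"allowedPattern", "allowedValues"}:
                    findings.add((step.get("name", "?"), name))
    return sorted(findings)

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DOC), ("hardened", HARDENED_DOC)):
        print(label, unconstrained_params(doc))
```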

Run Document using Run Command

1. Go to AWS Systems Manager and, from the left-hand side, select Run Command.

2. Click the Run command button.

3. Find and select your document.

4. Under Target selection, select Specify instance tags (you can also use Choose instances manually). Enter Environment as the Tag key and Development as the Tag value, then click the Add button.

5. Under Output options select as in the picture:

6. Under Output options I will unselect Enable an S3 bucket (Optional)

7. Click the Run button.

8. The Run command was executed successfully!

9. Copy the public IP of the first EC2 Development instance and paste it into your browser.

10. Copy the public IP of the second EC2 Prod instance and paste it into your browser.

Let’s summarize: As we can see, Nginx has been installed, and there is a message on the Development instances that we tagged. We used the Run Command to execute the previously created document.

11. If you wish, create a new YAML document and execute it through the Run Command on the Production instances. I will not repeat the previous commands; I will only provide the results of executing the Run Command.

Let’s summarize: As you can see, there is a slightly different message on the Production instances. This way, with just a few clicks, we have installed Nginx on all instances. Imagine having dozens of instances and having to go to each one to install Nginx or something else. With Run Command, it sometimes takes only a few seconds.

Conclusion

Imagine having dozens of instances and needing to individually install something on each one (In our demo, the focus was on Nginx). This would take a considerable amount of time and is not practical at all. However, there are many solutions for installing specific things on multiple instances. AWS through SSM offers a lot in this regard. The option that I find most interesting is Run Command, which allows you to execute commands, among other things, on EC2 instances. With this demo, I wanted to introduce you to SSM and Run Command.
