http://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html
http://docs.aws.amazon.com/cli/latest/reference/ssm/index.html#cli-aws-ssm
AWS Systems Manager is a fully managed, free service that is part of EC2. It can manage Linux and Windows servers in AWS or on-premises, from either the AWS console or the CLI:
1. Add the AmazonEC2RoleforSSM and AmazonSSMAutomationRole policies to your instance's role.
2. Install the SSM agent:
# yum install -y https://amazon-ssm-ap-southeast-2.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm
3. Add the proxy settings to /etc/init/amazon-ssm-agent.conf:
env http_proxy=http://host:port
env https_proxy=http://host:port
env HTTP_PROXY=http://host:port
env HTTPS_PROXY=http://host:port
env no_proxy=169.254.169.254

status amazon-ssm-agent
5. Restart:
restart amazon-ssm-agent
$ aws ssm send-command --document-name "AWS-RunShellScript" --instance-ids "i-0c06f8a30ab6aaaaa" "i-0f2ce4af1bbbb" --parameters '{"commands":["hostname;ls -l"],"executionTimeout":["3600"]}' --timeout-seconds 600 --region ap-southeast-2
$ aws ssm send-command --document-name "AWS-RunShellScript" --targets '{"Key":"tag:Environment","Values":["test"]}' --parameters '{"commands":["hostname","id","ps -ef"],"executionTimeout":["3600"]}' --timeout-seconds 600 --region ap-southeast-2
$ aws ssm send-command --document-name "AWS-RunShellScript" --targets '{"Key":"tag:Environment","Values":["test"]}' --parameters '{"commands":["hostname","ps -ef"],"executionTimeout":["3600"]}' --comment "who" --timeout-seconds 600 --output-s3-bucket-name "mys3bucket" --output-s3-key-prefix "ssm-output" --region ap-southeast-2
$ aws ssm describe-instance-information --region ap-southeast-2
$ aws ssm describe-instance-information --filters "Key=InstanceIds,Values=i-0c06f8a30ab6aaaaa" --region ap-southeast-2
$ aws ssm list-commands --command-id e363564d-c0c5-4d10-8b73-ebb012f4b49d --region ap-southeast-2
$ aws ssm list-commands --region ap-southeast-2 | jq -r -c '.Commands[] | "\(.CommandId),\(.Comment),\(.Status),\(.DocumentName),\(.TargetCount),\(.CompletedCount),\(.RequestedDateTime),\(.InstanceIds),\(.Targets[0].Key),\(.Targets[0].Values),\(.OutputS3BucketName)"'
$ aws ssm list-command-invocations --command-id e363564d-c0c5-4d10-8b73-ebb012f4b49d --detail --region ap-southeast-2
$ aws ssm list-command-invocations --command-id e363564d-c0c5-4d10-8b73-ebb012f4b49d --detail --region ap-southeast-2 | jq -r -c '.CommandInvocations[] | "\(.CommandPlugins[0].Output)"'
$ aws s3 cp \
s3://mys3bucket/ssm-output/3a9457b8-d2ad-430c-99c2-6d82380268c8/i-c06f8a30ab693830/awsrunShellScript/0.awsrunShellScript/stdout i-0c06f8a30ab693830
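The per-instance check behind the two list-command-invocations calls above, as an added Python example that is not part of the original post: it reads the --detail JSON, lists status, exit code and output per instance, and reports instances that failed or that ran a tag-targeted command without being in the set you expected. The function name, the expected-ids argument and the sample data are assumptions made for illustration.

```python
import json
import sys

# Run Command statuses for an invocation that ended without succeeding.
FAILED = {"Failed", "TimedOut", "Cancelled"}

# Constructed sample shaped like the CLI output; ids and output are made up.
SAMPLE = {"CommandInvocations": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "Status": "Success", "CommandPlugins": [
        {"Name": "aws:runShellScript", "ResponseCode": 0, "Output": "web01\n"}]},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "Status": "Failed", "CommandPlugins": [
        {"Name": "aws:runShellScript", "ResponseCode": 127,
         "Output": "sh: ps: command not found\n"}]},
    {"InstanceId": "i-0ccccccccccccccc3", "Status": "Success", "CommandPlugins": [
        {"Name": "aws:runShellScript", "ResponseCode": 0, "Output": "db07\n"}]},
]}


def summarize(doc, expected=None):
    """Return (rows, failed, unexpected) for one command's invocations.

    rows: one dict per instance; failed: instance ids that did not succeed;
    unexpected: instance ids that ran the command but are not in `expected`.
    """
    rows, failed, unexpected = [], [], []
    for inv in doc.get("CommandInvocations", []):
        iid, status = inv["InstanceId"], inv.get("Status")
        plugins = inv.get("CommandPlugins", [])
        codes = [p.get("ResponseCode") for p in plugins]
        rows.append({"instance": iid, "status": status, "exit_codes": codes,
                     "output": "".join(p.get("Output") or "" for p in plugins)})
        if status in FAILED or any(isinstance(c, int) and c > 0 for c in codes):
            failed.append(iid)
        if expected is not None and iid not in expected:
            unexpected.append(iid)
    return rows, failed, unexpected


if __name__ == "__main__":
    # Pipe the CLI JSON in, or run with no pipe to use the constructed sample.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    expected = set(sys.argv[1:]) or None  # optional: instance ids you meant to hit
    rows, failed, unexpected = summarize(doc, expected)
    for r in rows:
        print(f"{r['instance']}\t{r['status']}\t{r['exit_codes']}\n{r['output']}")
    print("failed:", failed)
    print("outside expected set:", unexpected)
```

Pipe the output of the list-command-invocations --detail command into the script and pass the instance ids you intended to reach as arguments.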
For Windows:
1. Add the SSM policy as for Linux, above
2. Configure EC2Config to use the proxy, going with the AWS SDK for .NET method in
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html#ec2config-proxy without needing to use the username and password attributes
3. Restart the EC2Config service