Used Car Quote

Used Car Buying Tips – info on getting your best deal Buying new cars, used car tips and resources for a great deal…

Introducing Run Command in EC2

To perform updates, patches, restart a process, or run a specific powershell script in a Windows based EC2 instance, we need to log into the machine and make the necessary changes. This can be cumbersome when managing large numbers of machines in a production environment. AWS has now added a Command feature to EC2. This makes our lives easier.
Run Command Features
This feature allows us to perform system administrator tasks on Windows-based EC2 machines. Run Command currently supports the following actions.
Configuring Cloud Watch
Windows Update Configuration
Install an Application
Install PowerShell Module
Register for an EC2 instance and get a Directory Service Domain
Run a PowerShell script
Update EC2 config
Security of Run Command
Run Command runs directly from AWS console. No username or password is required to access instances. This raises questions about how secure this feature is. Run Command integrates with IAM roles and policies. Every command that is run with Run Command is saved in CloudTrail. It also remains in the Console until 30 days.
Run Command displays the output in the console only for 2500 characters. The rest of the output is truncated. To keep track of all commands and their detailed output, we can integrate it into S3 and store the output as logs in an S3 bucket.
To run a PowerShell Script, use the Run Command
We will see how to use the Run Command feature on an EC2 instance to run a PowerShell command.
These are the prerequisites for setting up the EC2 instance to run the Run command.
Log in to the AWS Management console and open IAM.
Choose Policies from the left pane.
Click on the Select button to create your policy.
Enter a Policy name (runcommand–policy) and a description.
Write the following policy in the Policy Document fieldruncommand-policyJavaScript “Version”: “2012-10-17”, “Statement”: [ “Effect”: “Allow”, “Action”: [ “ssm:DescribeAssociation”, “ssm:GetDocument”, “ssm:ListAssociations”, “ssm:UpdateAssociationStatus”, “ssm:UpdateInstanceInformation” ], “Resource”: “*” , “Effect”: “Allow”, “Action”: [ “ec2messages:AcknowledgeMessage”, “ec2messages:DeleteMessage”, “ec2messages:FailMessage”, “ec2messages:GetEndpoint”, “ec2messages:GetMessages”, “ec2messages:SendReply” ], “Resource”: “*” , “Effect”: “Allow”, “Action”: [ “ec2:DescribeInstanceStatus” ], “Resource”: “*” , “Effect”: “Allow”, “Action”: [ “logs:CreateLogGroup”, “logs:CreateLogStream”, “logs:DescribeLogGroups”, “logs:DescribeLogStreams”, “logs:PutLogEvents” ], “Resource”: “*” , “Effect”: “Allow”, “Action”: [ “s3:PutObject”, “s3:GetObject”, “s3:AbortMultipartUpload”, “s3:ListMultipartUploadParts”, “s3:ListBucketMultipartUploads” ], “Resource”: “*” ]123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657{“Version”: “2012-10-17″,”Statement”: [“Effect”: “Allow”,”Action”: [“ssm:DescribeAssociation”,”ssm:GetDocument”,”ssm:ListAssociations”,”ssm:UpdateAssociationStatus”,”ssm:UpdateInstanceInformation”],”Resource”: “*”,{“Effect”: “Allow”,”Action”: [“ec2messages:AcknowledgeMessage”,”ec2messages:DeleteMessage”,”ec2messages:FailMessage”,”ec2messages:GetEndpoint”,”ec2messages:GetMessages”,”

Back to top