Amazon Web Services has added the ability to use the Elastic Compute Cloud (EC2)’s powerful “run command” feature with a single log-in to execute commands in multiple locations, including EC2 instances, on-premises servers or virtual machines (VMs) from other cloud providers. Without that ability, it was necessary to log on to each instance, server or VM separately.

“We are now opening up ‘run command’ to servers running outside of EC2,” wrote Chief AWS Evangelist Jeff Barr in a blog post.

“Run command” allows executing numerous tasks, including adding users or groups, configuring permissions, starting and stopping services, installing and uninstalling applications and managing updates. It reports the status and results of each command for each instance, server or VM. On-premises servers or VMs must be registered — a process that makes them what AWS calls managed instances — before they can be configured with “run command.”

This AWS screenshot shows an initial step in setting up ‘managed instances’ — servers or VMs that can now be administered through EC2’s ‘run command’.

“Run command” is part of AWS’s Simple Systems Manager (SSM) API. It can be used with SSM documents — text files that specify actions to be performed. AWS advises that, when giving a user access to “run command,” the best practice is to start with a policy of least privilege, and create different SSM documents that allow the user to do a minimum number of tasks. For example, you could specify the name of a specific service on an instance so that a run-command user could restart only that service, AWS advised.
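The least-privilege setup described above can be sketched as follows. This is an added example, not code from AWS or the article: it pairs a single-purpose SSM document with an IAM policy scoped to it, plus a small audit check for grants that would still allow arbitrary commands. The account ID, region, document name `Restart-Nginx` and the `nginx` service are constructed placeholders, and the host is assumed to be Linux with systemd.

```python
from fnmatch import fnmatchcase

# All account IDs, regions and names below are constructed placeholders.
ACCOUNT, REGION = "111122223333", "us-east-1"

# SSM document (schema 2.2) that restarts one hard-coded service and accepts
# no parameters, so the caller cannot change what runs.
RESTART_DOC = {
    "schemaVersion": "2.2",
    "description": "Restart the nginx service only",
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "restartNginx",
        "inputs": {"runCommand": ["systemctl restart nginx"]},
    }],
}

# IAM policy: SendCommand only with that document, only on managed instances.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "ssm:SendCommand",
    "Resource": [
        f"arn:aws:ssm:{REGION}:{ACCOUNT}:document/Restart-Nginx",
        f"arn:aws:ssm:{REGION}:{ACCOUNT}:managed-instance/*",
    ],
}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}

# AWS-owned documents that run arbitrary caller-supplied commands.
ARBITRARY_DOCS = [f"arn:aws:ssm:{REGION}::document/AWS-RunShellScript",
                  f"arn:aws:ssm:{REGION}::document/AWS-RunPowerShellScript"]

def _list(value):
    return value if isinstance(value, list) else [value]

def accepts_parameters(document):
    """True if the SSM document lets the caller pass in values."""
    return bool(document.get("parameters"))

def over_broad_grants(policy):
    """Return Resource patterns that let ssm:SendCommand run arbitrary commands."""
    hits = []
    for stmt in _list(policy["Statement"]):
        actions = [a.lower() for a in _list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("ssm:sendcommand", a) for a in actions):
            continue
        for res in _list(stmt.get("Resource", [])):
            # IAM wildcards (* and ?) behave like shell globs for this check.
            if any(fnmatchcase(arn, res) for arn in ARBITRARY_DOCS):
                hits.append(res)
    return hits
```

The check only inspects identity-policy Allow statements; it does not evaluate Deny statements, conditions or permission boundaries.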
