Hello AWS aspirants, hope you are doing well with your AWS Certified Security Specialty exam preparation. To help you with your preparation, here we bring another topic, “How to use AWS Systems Manager to Run Commands on EC2 Instances”, with a simple use case scenario. This topic addresses the Infrastructure Security domain highlighted in the blueprint of the AWS Certified Security Specialty exam guide. The Infrastructure Security domain has the maximum weight, i.e. 26%, in the AWS Security Specialty certification exam.
So, let’s get started with a problem statement and understand the solution.
Let’s consider the following simple architecture that is adopted for hosting applications on the AWS Cloud.
So here we have the following:
- An EC2 instance running a web server in a private subnet in a VPC
- A bastion host running in a public subnet in the same VPC
- The IT administrators normally use the bastion host to connect to and administer the web server in the private subnet.
But the IT Security department could also see the bastion host itself as a threat: it is an internet-facing host with open ports and a possible entry point for an attack. So how can we reduce the attack surface of the above architecture?
Solution: Using AWS Systems Manager to Run Commands on EC2 Instances
AWS gives us the ability to use AWS Systems Manager for this. In AWS Systems Manager, we have the Run Command feature. So, let’s look at how we can use AWS Systems Manager Run Command to install Nginx, which is a web server, on a Linux EC2 instance, without opening any inbound ports to it.
Step 1) First ensure that the AWS Systems Manager agent (SSM Agent) is running on the EC2 instance. You can do this by attaching a user data (boot) script that installs the agent when the instance is first launched.
The agent is required to communicate with AWS Systems Manager; it opens an outbound connection to the service, so no inbound port needs to be opened on the instance. Once the agent is in place and reporting, you will see the instance listed as a managed instance in the AWS Systems Manager inventory.
Step 2) To run a command, go to the “Run Command” section and click on Run Command.
Step 3) Next, we need to choose the type of document that needs to be run on the instance.
For running shell commands on a Linux-based system, we can use the AWS-RunShellScript document.
Step 4) Next, make sure to select your target Linux instance. This is the instance on which you want to run the command.
Step 5) Next, in the Command parameters, specify the commands that need to be run. Here we are installing Nginx, which is a web server, on the Linux-based instance.
Step 6) You can then specify a timeout for the command and run it.
Once the Run Command request is sent, you will get the relevant notification.
Once the command has run successfully, you will see an overall status of Success.
When you go to the server, you will now see the web server installed.
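The same Steps 3 to 6 can be driven from the AWS CLI instead of the console; the script below is an added example and not part of the original article. It assumes a Debian/Ubuntu AMI (apt-get), instances tagged Role=webserver, an existing CloudWatch log group named /ssm/run-command for the command output, and caller permissions for ssm:SendCommand and ssm:GetCommandInvocation.

```shell
#!/bin/sh
# Added example: AWS-RunShellScript via Run Command from the CLI.
# Assumptions (not from the article): tag Role=webserver selects the
# targets, the log group /ssm/run-command exists, and the AMI uses apt.
# AWS_CLI can point at a stub executable to exercise the flow offline.
AWS_CLI="${AWS_CLI:-aws}"
DOCUMENT="AWS-RunShellScript"
TARGET_TAG="Role"
TARGET_VALUE="webserver"
LOG_GROUP="/ssm/run-command"
POLL_INTERVAL="${POLL_INTERVAL:-5}"

# Steps 3-6: send the Nginx install to every instance carrying the tag.
# Output is shipped to CloudWatch Logs so each invocation stays auditable,
# and both the delivery timeout and the script timeout are explicit.
# Prints the CommandId returned by SSM.
send_nginx_install() {
    "$AWS_CLI" ssm send-command \
        --document-name "$DOCUMENT" \
        --targets "Key=tag:${TARGET_TAG},Values=${TARGET_VALUE}" \
        --parameters 'commands=["sudo apt-get update -y","sudo apt-get install -y nginx","sudo systemctl enable --now nginx"],executionTimeout=["600"]' \
        --timeout-seconds 120 \
        --comment "install nginx via Run Command" \
        --cloud-watch-output-config "CloudWatchOutputEnabled=true,CloudWatchLogGroupName=${LOG_GROUP}" \
        --query 'Command.CommandId' --output text
}

# Poll one instance's invocation until it reaches a terminal state.
# Prints the final status; returns 0 only for Success (Failed, TimedOut
# and Cancelled all return 1 so callers can alert on them).
wait_for_invocation() {
    command_id="$1"; instance_id="$2"
    while :; do
        status=$("$AWS_CLI" ssm get-command-invocation \
            --command-id "$command_id" --instance-id "$instance_id" \
            --query 'Status' --output text)
        case "$status" in
            Pending|InProgress|Delayed|Cancelling) sleep "$POLL_INTERVAL" ;;
            *) break ;;
        esac
    done
    echo "$status"
    [ "$status" = "Success" ]
}

# Usage: ./run_nginx.sh i-0123456789abcdef0   (instance id is a placeholder)
if [ "$#" -gt 0 ]; then
    cmd_id=$(send_nginx_install)
    wait_for_invocation "$cmd_id" "$1"
fi
```

Because the instance only needs outbound reachability to the Systems Manager endpoints (via a NAT gateway or VPC interface endpoints), the security group of the web server can drop its inbound SSH rule entirely, and every SendCommand call is recorded in CloudTrail.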
- The AWS Systems Manager service can be used to run commands on EC2 instances.
- Consider this rather than using a bastion host to work with EC2 instances and opening inbound ports, which can make your architecture vulnerable to attack.
- You need to ensure the SSM Agent is installed on the instance so that Run Command can work.
Hope this problem statement has helped you understand how to use AWS Systems Manager to run commands on EC2 instances. It is important to cover this topic for your AWS Certified Security Specialty exam preparation. Understanding it will help you cover a big part of the exam objectives and thus pass the exam with a good score.
Whizlabs blog, as one of the top AWS blogs, is dedicated to helping AWS professionals in their certification exam preparation. If you are stuck with any topic, just mention it in the comment box, and we’ll cover it for you.
Also, our practice tests and online courses are considered one of the best in the industry. If you think you are done with your preparation, just try AWS Security Specialty practice tests and check your preparation level.
Have any query about your AWS Security Specialty exam preparation? Write in the Whizlabs Forum, and get it resolved by the certified experts.