Blog Amazon Web Services How to Use AWS Systems Manager to Run Commands on EC2 Instances?
AWS Systems Manager

How to Use AWS Systems Manager to Run Commands on EC2 Instances?

Hello AWS aspirants, hope you are doing well with your AWS Certified Security Specialty exam preparation. To help you with your preparation, here we bring another topic “How to use AWS Systems Manager to Run Commands on EC2 Instances” with simple use case scenario. This topic addresses Infrastructure Security domain highlighted in the blueprint of the AWS Certified Security Specialty exam guide. Infrastructure domain has the maximum weight i.e. 26% in the AWS Security Specialty certification exam.

So, let’s get started with a problem statement and understand the solution.

Try Now: AWS Certified Security Specialty Free Tests

Problem Statement

Let’s consider the following simple architecture that is adopted for hosting applications on the AWS Cloud.

aws architecture

So here we have the following

  • An EC2 instance running a web server in the private subnet in a VPC
  • A bastion host running in the public subnet in a VPC
  • The IT Administrators normally uses the bastion host to connect and administer the web server in the private subnet.

But sometimes, the IT Security department could also see the bastion host as a threat and possible area of attack. So how can we reduce the surface of attack on the above architecture?

Solution: Using AWS Systems Manager to Run Commands on EC2 Instances

AWS gives us the ability to use the AWS Systems Manager for this. In AWS Systems Manager, we have the Run command. So, let’s look at how we can use the AWS Systems Manager to run commands to install Nginx which is a web server on a Linux EC2 Instance.

Step 1) First ensure that the AWS Systems Manager agent is running on the EC2 Instance. You can do this by attaching a boot script to install the agent when the instance is first launched.

The agent is required to communicate with the AWS Systems Manager. Once the agent is in place, when you go to the Systems Manager, you will actually see the instance as a managed instance in the inventory in AWS Systems Manager.

AWS Systems Manager Step 2) To run a command, go to the “Run Command” section and click on Run Command

AWS Systems Manager

Step 3) Next, we need to choose the type of document that needs to be run on the system

AWS Systems Manager

For installing or running commands on a Linux based system, we can use the AWS-RunShellScript document

Step 4) Next, ensure to select your target Linux machine. This is where you want to run the command

AWS Systems Manager

Step 5) Next, in the Command parameters, specify the commands that need to be run. So here we are installing nginx which is a web server on the Linux based machine.

AWS Systems Manager

Step 6) You can then specify a timeout for the command and then run the command

AWS Systems Manager   Once the Run command is sent, you will get the relevant notification

AWS Systems Manager

Once the command has run successfully you will get a Success overall status

AWS Systems Manager

Once you go to the server, you will now see the web server installed.

AWS Systems Manager

Other Helpful Resources
How to Use a Central CloudTrail S3 Bucket for Multiple AWS Accounts?
How to Set Right Inbound & Outbound Rules for Security Groups and NACLs?
Working With IAM and Bucket Policies
How to Grant Access to AWS Resources to the Third Party via Roles & External Id?


  • The AWS Systems Manager service can be used to run commands on EC2 Instances
  • Consider this rather than using the bastion host to work with EC2 Instances and opening ports which can make your architecture vulnerable to attacks
  • You need to ensure the SSM agent is installed on the machine for allowing the Run command to work.

Hope this problem statement has helped you understand how to use AWS systems manager to run commands on EC2 instances. It is important to cover this topic for your AWS Certified Security Specialty exam preparation. Understanding this topic will help you cover a big weight of the exam objectives and thus will pass the exam with good scores.

Whizlabs blog, as one of the top AWS blogs, is dedicated to helping AWS professionals in their certification exam preparation. If you are stuck with any topic, just mention in the comment box, we’ll cover that for you.

Also, our practice tests and online courses are considered one of the best in the industry. If you think you are done with your preparation, just try AWS Security Specialty practice tests and check your preparation level.

Having any query in your AWS Security Specialty exam preparation? Write in Whizlabs Forum, and get it resolved by the certified experts.

About Pavan Rao

Programmer / Developer by Profession and Cloud Computing Professional by choice with in-depth knowledge in AWS, Azure, Google Cloud Platform. - "May the Force of Cloud Computing be with You"
Spread the love


Please enter your comment!
Please enter your name here