Basic Steps:
Create IAM Role for EC2 instance:
IAM > Roles > Trusted Entity Type: AWS Services > Common use cases : EC2 > Next > AmazonEC2RoleforSSM
Create EC2 instances > Select the Instance > Actions > Security > Modify IAM role
Access each instance and install "amazon-ssm-agent"
For Red Hat:
Make sure Python is installed. If not, yum install python3
sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
sudo systemctl status amazon-ssm-agent
sudo systemctl enable amazon-ssm-agent
3. AWS Systems Manager > Node management > Fleet Manager > The servers running amazon-ssm-agent are now listed here
Resource Group & Tag creation
Select each EC2 instance > Tags > Manage Tags
Name: Environment: Team
AWS Resource Groups > Create Resource Group > Tag Based > Resource Type: AWS:EC2:Instances > Create Groups based on the Tags we created.
Run Commands
AWS Systems Manager > Shared Resources > Documents > Create document > Command or session > "Type a Name" > Content YAML
AWS shows a sample script; edit it like the following sample:
schemaVersion: '2.2'
description: Sample YAML template to install Apache
parameters:
  Message:
    type: "String"
    description: "Welcome Message"
    default: "Hello World"
mainSteps:
- action: aws:runShellScript
  name: configureApache
  inputs:
    runCommand:
    - 'sudo yum update -y'
    - 'sudo yum install -y httpd'
    - 'sudo systemctl start httpd.service'
    - 'sudo systemctl enable httpd.service'
    - 'echo "{{Message}} from $(hostname -f)" > /var/www/html/index.html'
Now go back to AWS Systems Manager > Documents > Owned by me > click on the document > Run command > It will execute the commands on all servers in the selected AWS resource group.
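
A check for the document above, added here as an example and not part of the original notes: Systems Manager substitutes {{Message}} into the command text before the shell runs it, so a String parameter with no allowedPattern or allowedValues can carry shell syntax into a command executed on every server in the group. The JSON rendering of the document (shortened to two commands) and the function names are constructed for illustration.

```python
import json
import re

# The page's document rendered as JSON (SSM accepts JSON or YAML).
# Constructed for this example; only two of the commands are kept.
SAMPLE_DOC = json.loads(r'''
{
  "schemaVersion": "2.2",
  "description": "Sample template to install Apache",
  "parameters": {
    "Message": {"type": "String", "description": "Welcome Message",
                "default": "Hello World"}
  },
  "mainSteps": [
    {"action": "aws:runShellScript", "name": "configureApache",
     "inputs": {"runCommand": [
       "sudo yum install -y httpd",
       "echo \"{{Message}} from $(hostname -f)\" > /var/www/html/index.html"
     ]}}
  ]
}
''')

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")
SHELL_ACTIONS = {"aws:runShellScript", "aws:runPowerShellScript"}


def unconstrained_shell_params(doc):
    """Return (step name, parameter) pairs where a declared parameter with no
    allowedPattern or allowedValues is substituted into a shell command."""
    params = doc.get("parameters", {})
    findings = []
    for step in doc.get("mainSteps", []):
        if step.get("action") not in SHELL_ACTIONS:
            continue
        commands = step.get("inputs", {}).get("runCommand", [])
        used = {n for line in commands for n in PLACEHOLDER.findall(line)}
        for name in sorted(used & set(params)):
            spec = params[name]
            if "allowedPattern" not in spec and "allowedValues" not in spec:
                findings.append((step.get("name"), name))
    return findings


def with_pattern(doc, name, pattern):
    """Return a deep copy of doc with allowedPattern set on one parameter."""
    fixed = json.loads(json.dumps(doc))
    fixed["parameters"][name]["allowedPattern"] = pattern
    return fixed
```

In the YAML document itself the fix is an `allowedPattern:` line under `Message:`, alongside `type` and `default`.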