Hello AWS aspirants, we hope your AWS Certified Security Specialty exam preparation is going well. To help with it, here is another topic, “How to use AWS Systems Manager to Run Commands on EC2 Instances”, with a simple use case scenario. This topic addresses the Infrastructure Security domain in the blueprint of the AWS Certified Security Specialty exam guide. The Infrastructure domain has the maximum weight, i.e. 26%, in the AWS Security Specialty certification exam.
So, let’s get started with a problem statement and understand the solution.
Problem Statement
Let’s consider the following simple architecture that is adopted for hosting applications on the AWS Cloud.
So here we have the following:
- An EC2 instance running a web server in the private subnet of a VPC
- A bastion host running in the public subnet of a VPC
- The IT administrators normally use the bastion host to connect to and administer the web server in the private subnet.
But sometimes, the IT Security department could also see the bastion host as a threat and a possible point of attack. So how can we reduce the attack surface of the above architecture?
Solution: Using AWS Systems Manager to Run Commands on EC2 Instances
AWS gives us the ability to use AWS Systems Manager for this. AWS Systems Manager has a Run Command feature. So, let’s look at how we can use it to run the commands that install Nginx, a web server, on a Linux EC2 instance.
Step 1) First, ensure that the AWS Systems Manager agent (SSM agent) is running on the EC2 instance. You can do this by attaching a boot script that installs the agent when the instance is first launched.
The agent is required to communicate with AWS Systems Manager. Once the agent is in place, the instance appears as a managed instance in the inventory in AWS Systems Manager.
Step 2) To run a command, go to the “Run Command” section and click on Run Command.
Step 3) Next, choose the type of document that needs to be run on the system.
For installing software or running commands on a Linux-based system, we can use the AWS-RunShellScript document.
Step 4) Next, select your target Linux machine. This is where you want to run the command.
Step 5) Next, in the Command parameters, specify the commands that need to be run. Here we are installing nginx, a web server, on the Linux-based machine.
Step 6) You can then specify a timeout for the command and run the command.
Once the Run command is sent, you will get the relevant notification.
Once the command has run successfully, you will get a Success overall status.
Once you go to the server, you will now see the web server installed.
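The six steps above can also be carried out from the AWS CLI. The script below is an added example, not part of the original post; the instance ID is a constructed placeholder and the default `yum install -y nginx` command is an assumption, since the post does not show the exact commands entered in Step 5.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). The instance ID and the install
# command are assumptions; adjust the package command to your distribution.

# Step 1 check: prints the agent's PingStatus (Online, ConnectionLost, Inactive).
agent_status() {  # args: instance-id
  aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformation[0].PingStatus' --output text
}

# Steps 2-6: send the AWS-RunShellScript document; prints the CommandId.
# --timeout-seconds is how long SSM waits for the command to start on the instance.
send_install() {  # args: instance-id, shell command, timeout in seconds
  aws ssm send-command \
    --document-name "AWS-RunShellScript" \
    --targets "Key=InstanceIds,Values=$1" \
    --parameters "commands=[\"$2\"]" \
    --timeout-seconds "$3" \
    --query 'Command.CommandId' --output text
}

# Poll until the invocation reaches a terminal state; prints the final status.
wait_for_result() {  # args: command-id, instance-id, max polls
  local status="Pending" tries=0
  while [ "$tries" -lt "$3" ]; do
    # Right after sending, the invocation may not exist yet: treat errors as Pending.
    status=$(aws ssm get-command-invocation --command-id "$1" --instance-id "$2" \
      --query 'Status' --output text 2>/dev/null) || status="Pending"
    case "$status" in
      Pending|InProgress|Delayed) sleep "${POLL_SECONDS:-5}" ;;
      *) break ;;
    esac
    tries=$((tries + 1))
  done
  echo "$status"
}

# Refuse to send if the agent is not Online; succeed only on overall Success.
run_install() {  # args: instance-id [command] [timeout]
  local id="$1" cmd="${2:-yum install -y nginx}" timeout="${3:-600}" cid
  [ "$(agent_status "$id")" = "Online" ] || { echo "SSM agent not Online on $id" >&2; return 2; }
  cid=$(send_install "$id" "$cmd" "$timeout") || return 3
  [ "$(wait_for_result "$cid" "$id" 60)" = "Success" ]
}

# Example: ./install-nginx.sh i-0123456789abcdef0   (constructed instance ID)
if [ -n "${1:-}" ]; then run_install "$@"; fi
```

The script exits non-zero when the agent is not reporting Online or when the invocation ends in any status other than Success, so it can gate later automation steps.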
Summary
- The AWS Systems Manager service can be used to run commands on EC2 Instances
- Consider this rather than using the bastion host to work with EC2 Instances and opening ports which can make your architecture vulnerable to attacks
- You need to ensure the SSM agent is installed on the machine for allowing the Run command to work.
We hope this problem statement has helped you understand how to use AWS Systems Manager to run commands on EC2 instances. It is important to cover this topic for your AWS Certified Security Specialty exam preparation. Understanding this topic will help you cover a big weight of the exam objectives and thus pass the exam with good scores.
Whizlabs blog, as one of the top AWS blogs, is dedicated to helping AWS professionals in their certification exam preparation. If you are stuck with any topic, just mention in the comment box, we’ll cover that for you.
Also, our practice tests and online courses are considered one of the best in the industry. If you think you are done with your preparation, just try AWS Security Specialty practice tests and check your preparation level.
Having any query in your AWS Security Specialty exam preparation? Write in Whizlabs Forum, and get it resolved by the certified experts.
Hello,
Search AWS experts, have big problem. I am AWS victim. Extremely negative feeling. Attacker hacking my phone and pc. Steal all data and write in my name, IP, address and phone number. Have found AWS System on my phone, ec2 instance. I am fake and spot, abused and raped. Can not solve the problem and have no fun in my life. Please help me. Can not use useful or third party for fun. I give foreign mail address. My mails are read.
Thank you for sharing the wonderful article. It is really a wonderful website and is really helpful.
It was a great knowledge about AWS. Keep on posting new blogs. Thanks a lot.