AWS SSM automation


This post shows how to deploy bash scripts or run Linux commands on multiple servers at once.


Steps involved

1. Create multiple EC2 machines

2. Create an IAM role for EC2 and attach the SSM policy.

3. Attach the IAM role created in step 2 to the EC2 machine

4. Check in the AWS SSM console whether the servers show up under Run command.

5. Go to AWS SSM - select Run command and then select Shell script to run the command on multiple Linux machines at once

6. Enter the bash script in the console

7. Select the logs destination

8. Deploy - check the status in the console



1. Create multiple EC2 machines



Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Choose Launch Instance.
Choose an Amazon Machine Image (AMI), find an Amazon Linux 2 AMI at the top of the list and choose Select.
Choose an Instance Type, choose Next: Configure Instance Details.
Configure Instance Details, provide the following information:
Leave Number of instances at one.
Leave Purchasing option at the default setting.
For Network, choose the entry for the Default VPC
For Subnet, choose a default subnet in any Availability Zone.
Choose Next: Add Storage.
For File systems, choose EBS or leave the default option
Choose Next: Add Tags.
Name your instance and choose Next: Configure Security Group.
In Configure Security Group, allow port 22 and port 80 inbound and leave the outbound rules as they are (port 80 is required to check the Apache server).
Select the key pair: create a new key pair, name it as you like, and download it.
Choose Review and Launch.
Choose Launch.


2. Create IAM role for EC2 and attach SSM policy. 


Open the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, choose Roles, and then choose Create role.
Select EC2 and then click on Next: Permissions.
Search for the SSMfullaccess policy in the list.
Name your role, e.g. ec2role-ssm.
Finish.


3. Attach IAM role created in step 2 to EC2 machine 

Go to the EC2 machine created in step 1.
From the console - EC2 - select the machine - go to Actions - Security - select IAM role.
Attach the IAM role created in step 2, e.g. ec2role-ssm.
Save the settings.


4. Check in the AWS SSM console whether the servers show up under Run command.

Go to the AWS console - Services - search for SSM.
Select Run command from the left side menu.
Look for the instances that have the SSM role attached.

If an instance is not showing, check step 2 and step 3 again.
If the problem persists, stop and start the machine.


5. Go to AWS SSM - select Run command and then select Shell script to run the command on multiple Linux machines at once

Go to the AWS console - Services - search for SSM.
Select Run command from the left side menu.
Search for AWS-RunShellScript.




6. Enter the bash script in the console 



Click on Run command.
Select the description.
Select the document version.
Now enter the shell script in the command parameters.
--- this script will install the Apache server ---


#!/bin/bash
yum install httpd -y
service httpd start
chkconfig httpd on
echo "aws ssm demo to deploy on multiple machines" > /var/www/html/index.html


Leave the working directory and execution timeout at their defaults.
In Targets, select the machines manually.
In Other parameters, update the comments.


7. Select the logs destination 

Enable the S3 bucket for logs.
Select the S3 bucket name.
Enable CloudWatch logs.

8. Deploy - check the status in the console


Click Run and wait for the status.
If the status shows Success,
copy the EC2 public address and paste it into the browser to verify whether Apache was installed.
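
Steps 4 to 8 can also be driven from the AWS CLI, which makes the per-instance result checkable from a script. This is an added example, not part of the original post: the script name, bucket and instance IDs are placeholders supplied by the caller, and it assumes the AWS CLI is configured with permission to call SSM and that the log bucket already exists.

```bash
#!/usr/bin/env bash
# Added example: steps 4-8 with the AWS CLI instead of the console.
# The bucket name and instance IDs are caller-supplied placeholders.

# Step 4: instance IDs that have registered with SSM and are Online.
online_instances() {
  aws ssm describe-instance-information \
    --query "InstanceInformationList[?PingStatus=='Online'].InstanceId" \
    --output text
}

# Steps 5-7: send the post's Apache script via AWS-RunShellScript.
# $1 = S3 bucket for output, remaining args = instance IDs. Prints the command ID.
send_apache_install() {
  local bucket=$1
  shift
  local params='{"commands":["#!/bin/bash","yum install httpd -y","service httpd start","chkconfig httpd on","echo \"aws ssm demo to deploy on multiple machines\" > /var/www/html/index.html"]}'
  aws ssm send-command \
    --document-name "AWS-RunShellScript" \
    --instance-ids "$@" \
    --parameters "$params" \
    --comment "install apache via Run Command" \
    --output-s3-bucket-name "$bucket" \
    --cloud-watch-output-config "CloudWatchOutputEnabled=true" \
    --query "Command.CommandId" --output text
}

# Step 8: print "instance-id status" per target. Returns 0 only if at least
# one invocation exists and every one of them reports Success.
check_invocations() {
  local out
  out=$(aws ssm list-command-invocations --command-id "$1" \
    --query "CommandInvocations[].[InstanceId,Status]" --output text)
  printf '%s\n' "$out"
  printf '%s\n' "$out" | awk 'NF {n++} $2 == "Success" {ok++} END {exit !(n > 0 && ok == n)}'
}

# Usage: ./ssm-apache.sh <log-bucket> <instance-id> [<instance-id> ...]
if [ "$#" -ge 2 ]; then
  bucket=$1
  shift
  online_instances
  id=$(send_apache_install "$bucket" "$@")
  for i in "$@"; do   # block until each target finishes (or the waiter gives up)
    aws ssm wait command-executed --command-id "$id" --instance-id "$i" || true
  done
  check_invocations "$id"
fi
```

check_invocations returns non-zero when any target is still pending or has failed, so a partial rollout does not pass as a success.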


Troubleshoot

Make sure the security group allows port 22 and port 80 inbound.
Check the IAM permissions for correct access.
Check the S3 bucket permissions.


----------- Ref script to check if the Apache service is running or not --------------

#!/usr/bin/env bash
set -e

echo "Starting httpd..."
if [ -x "$(command -v systemctl)" ]; then
  echo "using systemctl"
  sudo systemctl enable httpd.service
  sudo systemctl start httpd
else
  echo "using upstart"
  sudo start httpd
fi
