
AWS Adds Multi-Cloud Scripting to EC2 Run Command Feature

by Richard Seroter on Jul 12, 2016. Estimated reading time: 3 minutes

In late 2015, AWS unveiled the EC2 Run Command feature. It gave operators a single interface for running administrative tasks across a fleet of AWS servers. In June of this year, AWS expanded the scope of the feature to work with servers located in other clouds or data centers.

While AWS CEO Andy Jassy believes that using more than one public cloud is “really difficult and pretty wasteful,” his company is offering a tool that gives customers “a single, unified way to manage their hybrid environment at scale.” Using EC2 Run Command, teams can run ad-hoc Linux shell scripts or Windows PowerShell commands, install applications, and patch the operating system, regardless of where the instance is located. Amazon’s Jeff Barr covered some additional usage scenarios:

Our customers have taken a liking to EC2 Run Command and are making great use of it. Here are a few of the use cases that have been shared with us:

  • Create local users and groups.
  • Scan for missing Windows updates and install them.
  • Install all applicable Windows updates.
  • Manage (start, stop, restart) services.
  • Install packages and applications.
  • Access local log files.

The EC2 Run Command works through agent software running on the target machines. This agent, part of the EC2 Simple Systems Manager (SSM) service and found on GitHub, is built into AWS Windows images and is available for manual installation on servers running Amazon Linux, Red Hat Enterprise Linux, CentOS, Ubuntu, and Windows Server. The agent works through an outbound HTTP request, and no inbound ports need to be opened, as explained by Barr.

For simplicity, the agent needs nothing more than the ability to make HTTPS requests to the SSM endpoint in your desired region. These requests can be direct, or can be routed through a proxy or a gateway, as dictated by your network configuration.

Besides running ad-hoc commands, users have a choice as to which pre-defined command “documents” they wish to execute on virtual servers: use one of the thirteen documents offered by AWS, locate a public document written by colleagues or the community, or create a custom document. The AWS Identity and Access Management (IAM) service governs who is actually allowed to create and execute these commands. Regardless of the document source or where the target machine is located, all execution history is centrally logged to AWS CloudTrail for later auditing. If a command generates a lot of output, users can direct that output to an Amazon S3 bucket for later retrieval. AWS offers a handful of ways to execute commands including the Amazon EC2 Console, AWS SDK, AWS CLI or Microsoft PowerShell.

The EC2 Run Command is free to use and available in all AWS regions. AWS points out a few caveats that users should be aware of. All commands execute asynchronously, and while AWS “manages the queuing, execution, cancellation, and reporting of each command,” execution order isn’t guaranteed. The service also limits users to 60 commands per minute, per instance. An individual AWS account supports a maximum of 200 command documents, and documents are only available in the region they were created in. Users should also be aware that commands run with administrative privilege on the target server.
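Because commands run with administrative privilege and every execution is recorded in CloudTrail, the audit trail can be reviewed for ad-hoc script runs by principals who are not expected to issue them. The following is an added example, not code from AWS or from the original article; the allowlist, account ID, ARNs, instance IDs and the custom document name are constructed, and the records are trimmed to the CloudTrail fields the check reads.

```python
import json

# AWS-provided documents that run arbitrary operator-supplied scripts.
AD_HOC_DOCUMENTS = {"AWS-RunShellScript", "AWS-RunPowerShellScript"}

# Hypothetical allowlist of principals approved to run ad-hoc scripts.
ALLOWED_PRINCIPALS = {"arn:aws:iam::111122223333:user/deploy-bot"}

# Constructed CloudTrail records, trimmed to the fields used below.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deploy-bot"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0aaa1111bbbb2222c"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"documentName": "AWS-RunPowerShellScript",
                           "instanceIds": ["i-0ddd3333eeee4444f"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"documentName": "Example-RestartService",
                           "instanceIds": ["i-0aaa1111bbbb2222c"]}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": None},
]})


def review_send_commands(trail_json, allowed=ALLOWED_PRINCIPALS):
    """Return SendCommand events that ran an ad-hoc script document
    from a principal outside the allowlist."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        if rec.get("eventSource") != "ssm.amazonaws.com":
            continue
        if rec.get("eventName") != "SendCommand":
            continue
        # requestParameters can be null, for example on rejected calls.
        params = rec.get("requestParameters") or {}
        principal = (rec.get("userIdentity") or {}).get("arn", "unknown")
        document = params.get("documentName", "")
        if document in AD_HOC_DOCUMENTS and principal not in allowed:
            findings.append({"principal": principal,
                             "document": document,
                             "instances": params.get("instanceIds", [])})
    return findings


if __name__ == "__main__":
    for finding in review_send_commands(SAMPLE_TRAIL):
        print(finding)
```
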

Amazon’s Barr points out that companies have to think about server management differently as their compute consumption evolves.

When you move from a relatively static and homogeneous computing environment where you have a small number of persistent, well-known servers (or instances, using Amazon Elastic Compute Cloud (EC2) terminology) to a larger and more dynamic and heterogeneous environment, you may need to think about managing and controlling those instances in a new way.

There’s been a flurry of multi-cloud management startup acquisitions over the past year by technology companies: IBM acquired Gravitant, Cisco acquired Cliqr, and CenturyLink recently acquired ElasticBox. Many multi-cloud management tools take a traditional approach to server management and focus on a graphical user interface to catalog, order, and manage virtual machines. AWS CEO Jassy says that these multi-cloud tools force customers to “standardize on the lowest common denominator.” This may explain why developers and system administrators seem to prefer API-centric tools like the EC2 Run Command that help them work with distributed compute resources in new ways, at scale, on their terms.
