
AWS Adds Multi-Cloud Scripting to EC2 Run Command Feature



In late 2015, AWS unveiled the EC2 Run Command feature. It gave operators a single interface for running administrative tasks across a fleet of AWS servers. In June of this year, AWS expanded the scope of the feature to work with servers located in other clouds or data centers.

While AWS CEO Andy Jassy believes that using more than one public cloud is “really difficult and pretty wasteful,” his company is nevertheless offering a tool that provides “a single, unified way to manage their hybrid environment at scale.” Using EC2 Run Command, teams can run ad-hoc Linux shell scripts or Windows PowerShell commands, install applications, and patch the operating system, regardless of where the instance is located. Amazon’s Jeff Barr described some additional usage scenarios:

Our customers have taken a liking to EC2 Run Command and are making great use of it. Here are a few of the use cases that have been shared with us:

  • Create local users and groups.
  • Scan for missing Windows updates and install them.
  • Install all applicable Windows updates.
  • Manage (start, stop, restart) services.
  • Install packages and applications.
  • Access local log files.

EC2 Run Command works through agent software running on the target machines. The agent, part of the EC2 Simple Systems Manager (SSM) service and published on GitHub, is built into AWS Windows images and available for manual installation on servers running Amazon Linux, Red Hat Enterprise Linux, CentOS, Ubuntu, and Windows Server. The agent initiates outbound HTTPS requests to the service, so no inbound ports need to be opened, as Barr explained:

For simplicity, the agent needs nothing more than the ability to make HTTPS requests to the SSM endpoint in your desired region. These requests can be direct, or can be routed through a proxy or a gateway, as dictated by your network configuration.

Besides running ad-hoc commands, users can choose which pre-defined command “documents” to execute on their servers: one of the thirteen documents offered by AWS, a public document written by colleagues or the community, or a custom document. The AWS Identity and Access Management (IAM) service governs who is allowed to create and execute these commands. Regardless of the document source or where the target machine is located, each command invocation is centrally logged to AWS CloudTrail for later auditing. If a command generates a lot of output, users can direct that output to an Amazon S3 bucket for later retrieval. AWS offers several ways to execute commands, including the Amazon EC2 Console, the AWS SDKs, the AWS CLI, and Microsoft PowerShell.

EC2 Run Command is free to use and available in all AWS regions. AWS points out a few caveats that users should be aware of. All commands execute asynchronously, and while AWS “manages the queuing, execution, cancellation, and reporting of each command,” execution order isn’t guaranteed. The service also limits users to 60 commands per minute, per instance. An individual AWS account supports a maximum of 200 command documents, and documents are only available in the region in which they were created. Users should also be aware that commands run with administrative privilege on the target server, so any principal that IAM permits to send commands effectively holds administrative access to every instance it can target.
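As an added example that is not part of the original article (and not AWS's own code), the following Python shows how a practitioner would turn two points above, that IAM governs who may execute which documents and that every command runs with administrative privilege, into a least-privilege setup: a custom schema 1.2 command document whose commands are fixed and whose single parameter is constrained with allowedPattern, an IAM policy granting ssm:SendCommand only on that document and only to instances tagged Environment=staging, the keyword arguments for a send-command call that routes output to S3, and a deliberately simplified local evaluator for checking which requests the policy would permit. The region, account id, document name, bucket, tag values and instance ids are assumptions; the evaluator models only Allow statements, ARN wildcards and ssm:resourceTag conditions, not the full IAM algorithm.

```python
# Added example (not from the InfoQ article or AWS). Region, account id, document name,
# tag values and instance ids are assumed. The IAM evaluator is a deliberate simplification:
# Allow statements, ARN wildcards and ssm:resourceTag conditions only, no explicit Deny.
import fnmatch
import re

REGION, ACCOUNT = "us-east-1", "123456789012"   # assumed region / hypothetical account id
DOC_NAME = "Acme-RestartService"                # hypothetical custom document name


def restart_service_document() -> dict:
    """Schema 1.2 command document: commands are fixed, only the unit name is a parameter."""
    return {
        "schemaVersion": "1.2",
        "description": "Restart one systemd unit and report whether it came back.",
        "parameters": {"serviceName": {
            "type": "String",
            "description": "(Required) systemd unit to restart.",
            # Whitelist: rejects ';', '&&', '$(' and whitespace, so the value cannot
            # escape the command it is substituted into.
            "allowedPattern": "^[a-z][a-z0-9_.-]{0,63}$",
        }},
        "runtimeConfig": {"aws:runShellScript": {"properties": [{
            "id": "0.aws:runShellScript",
            "runCommand": ["systemctl restart {{ serviceName }}",
                           "systemctl is-active {{ serviceName }}"],
            "timeoutSeconds": "120",
        }]}},
    }


def parameter_is_valid(document: dict, name: str, value: str) -> bool:
    """Mirror the allowedPattern check SSM applies before substituting a parameter."""
    pattern = document["parameters"][name].get("allowedPattern")
    return pattern is None or re.fullmatch(pattern, value) is not None


def operator_policy() -> dict:
    """Operator may send only the custom document, only to Environment=staging targets."""
    return {"Version": "2012-10-17", "Statement": [
        {   # The only document this principal may send: NOT AWS-RunShellScript.
            "Effect": "Allow", "Action": "ssm:SendCommand",
            "Resource": f"arn:aws:ssm:{REGION}:{ACCOUNT}:document/{DOC_NAME}"},
        {   # ...and only to EC2 or hybrid (managed-instance) targets carrying the tag.
            "Effect": "Allow", "Action": "ssm:SendCommand",
            "Resource": [f"arn:aws:ec2:{REGION}:{ACCOUNT}:instance/*",
                         f"arn:aws:ssm:{REGION}:{ACCOUNT}:managed-instance/*"],
            "Condition": {"StringEquals": {"ssm:resourceTag/Environment": "staging"}}},
        {   # Reading status and output back after send-command returns.
            "Effect": "Allow", "Action": ["ssm:ListCommands", "ssm:ListCommandInvocations"],
            "Resource": "*"},
    ]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition: dict, resource_tags: dict) -> bool:
    """Only StringEquals on ssm:resourceTag/<key> is modelled."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"condition operator {operator} not modelled")
        for key, wanted in pairs.items():
            if not key.startswith("ssm:resourceTag/"):
                raise NotImplementedError(f"condition key {key} not modelled")
            if resource_tags.get(key[len("ssm:resourceTag/"):]) not in _as_list(wanted):
                return False
    return True


def allowed(policy: dict, action: str, resource_arn: str, resource_tags: dict = None) -> bool:
    """Simplified IAM: True if an Allow statement matches action and resource and its condition holds."""
    resource_tags = resource_tags or {}
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(st["Resource"])):
            continue
        if _condition_holds(st.get("Condition", {}), resource_tags):
            return True
    return False


def send_command_allowed(policy: dict, document_arn: str, instances: list) -> bool:
    """SendCommand names the document and every target; each resource must be authorized."""
    return allowed(policy, "ssm:SendCommand", document_arn) and all(
        allowed(policy, "ssm:SendCommand", arn, tags) for arn, tags in instances)


def send_command_request(document_name: str, parameters: dict, s3_bucket: str) -> dict:
    """Keyword arguments for boto3's ssm.send_command(**request); same names as the CLI flags."""
    return {
        "DocumentName": document_name,
        "Targets": [{"Key": "tag:Environment", "Values": ["staging"]}],
        "Parameters": {name: [value] for name, value in parameters.items()},
        "TimeoutSeconds": 120,             # agent must pick the command up within this window
        "OutputS3BucketName": s3_bucket,   # full output lands here; inline output is truncated
        "OutputS3KeyPrefix": f"run-command/{document_name}",
    }
```

Granting the same principal ssm:SendCommand on AWS-RunShellScript would make the document restriction moot, since that document accepts arbitrary commands and runs them with administrative privilege; the policy above therefore names only the custom document, and the allowedPattern on its one parameter is what keeps a caller from smuggling extra shell into the fixed command line.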

Amazon’s Barr points out that companies have to think about server management differently as their compute consumption evolves.

When you move from a relatively static and homogeneous computing environment where you have a small number of persistent, well-known servers (or instances, using Amazon Elastic Compute Cloud (EC2) terminology) to a larger and more dynamic and heterogeneous environment, you may need to think about managing and controlling those instances in a new way.

There has been a flurry of multi-cloud management startup acquisitions over the past year by technology companies: IBM acquired Gravitant, Cisco acquired CliQr, and CenturyLink recently acquired ElasticBox. Many multi-cloud management tools take a traditional approach to server management and focus on a graphical user interface to catalog, order, and manage virtual machines. AWS CEO Jassy says that these multi-cloud tools force customers to “standardize on the lowest common denominator.” This may explain why developers and system administrators seem to prefer API-centric tools like EC2 Run Command that help them work with distributed compute resources in new ways, at scale, on their own terms.
