News

Amazon EC2 Run Command Gets an Update

• By Michael Domingo
• 05/23/2016

Amazon Web Services Inc. (AWS) this month enhanced its EC2 Run Command service with a number of new commands and document management and sharing capabilities, as well as open sourced the Simple Systems Manager agent for Linux. 

Introduced back in October 2015, the EC2 Run Command was meant to make it easier for those who needed a little bit of custom or ad hoc control for more than one instance. In a blog written at the time of its initial release, AWS evangelist Jeff Barr noted that it was "designed to support a wide range of enterprise scenarios including installing software, running ad hoc scripts or Microsoft PowerShell commands, [and] configuring Windows Update settings," which can be done through a number of interface tools that AWS has produced for the task.

More granular control of what actions users are able to perform against instances can be done with the AWS Identity and Access Management security access control service, with which the EC2 Run Command is integrated. Any permissions and changes done with the Run Command are also automatically recorded to AWS CloudTrail, in case there's a need to trace and audit usage and access. 

The current mid-May update provides for a document management and sharing capability for command documents executed through the EC2 Run Command. Barr notes that "this will allow you to add additional rigor to your administrative procedures by reducing variability and removing a source of errors," and control is enabled as command documents are shared among accounts within an organization or even among AWS partners.

For those managing EC2 instances running the Windows OS, Barr's blog lists four new additional commands that are available:

• AWS-ListWindowsInventory: Allows for the collection of on-instance inventory information, with the ability to send results to an S3 bucket.
  
  
• AWS-FindWindowsUpdates: Simply finds and lists Windows updates.
  
  
• AWS-InstallMissingWindowsUpdates: Installs any missing updates.
  
  
• AWS-InstallSpecificWindowsUpdates: Provides granular control for installing specific updates, and only those that can be identified via Windows Knowledge Base IDs.

Finally, Barr notes that the Linux version of the Simple Systems Manager agent is now available to the general community for feedback and refinement, now that it is open sourced on GitHub.