https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/walkthrough-cli.html
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
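# Download the AWS CLI v2 installer together with its detached PGP signature.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error page.
curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.sig"
# Verify the archive before anything from it runs as root. gpg needs the AWS CLI
# team's public key in the local keyring first (it is published in the AWS CLI
# installation guide); if verification fails, unzip and install are skipped.
gpg --verify awscliv2.sig awscliv2.zip \
  && unzip awscliv2.zip \
  && sudo ./aws/install
# Confirm which CLI version ended up on PATH.
aws --version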
-- 1.2 jqインストール
# Install jq (command-line JSON processor) from the configured yum repositories,
# answering "yes" to the confirmation prompt.
sudo yum install --assumeyes jq
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
# Create IAM role role01 with the trust policy read from role01.json.
# NOTE(review): presumably role01.json holds the JSON printed just before this
# command, which allows only the EC2 service (ec2.amazonaws.com) to call
# sts:AssumeRole - confirm the file content before running.
aws iam create-role \
  --assume-role-policy-document file://role01.json \
  --role-name role01
-- 3. ポリシーをロールにアタッチ
# Attach the AWS managed policy AmazonSSMManagedInstanceCore to role01. This is
# the permission set the SSM Agent uses for core Systems Manager functionality;
# no further policies are attached to the role in this walkthrough.
aws iam attach-role-policy \
  --role-name role01 \
  --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
-- 4. インスタンスプロファイルを作成
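# Create the instance profile that will carry role01 onto the EC2 instance.
aws iam create-instance-profile --instance-profile-name profile01
# List the profile names with a JMESPath query rather than grepping the raw
# output, so the check does not depend on the CLI's configured output format.
aws iam list-instance-profiles \
  --query "InstanceProfiles[].InstanceProfileName" \
  --output text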
-- 5. インスタンスプロファイルにロールを追加
# Put role01 into profile01 so instances launched with the profile receive the role.
aws iam add-role-to-instance-profile \
  --role-name role01 \
  --instance-profile-name profile01
# Verify the association by listing the profiles that contain role01.
aws iam list-instance-profiles-for-role \
  --role-name role01
-- 6. IAM ロールを使用したEC2インスタンス起動
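# Launch a one-time Spot instance named instance01 with profile01 attached, so
# the SSM Agent on it can register the instance as a managed node.
#
# --metadata-options HttpTokens=required enforces IMDSv2: the role credentials
# served by the instance metadata service can then only be read with a session
# token, which limits credential theft through SSRF-style request forgery.
# NOTE(review): needs an SSM Agent build with IMDSv2 support on this AMI - confirm.
# NOTE(review): --key-name key1 is only relevant for SSH access; Run Command
# works over the agent's outbound connection and does not use the key pair.
aws ec2 run-instances \
  --image-id ami-0404778e217f54308 \
  --instance-type t3.nano \
  --key-name key1 \
  --metadata-options 'HttpTokens=required' \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=instance01}]' \
  --instance-market-options '{"MarketType": "spot","SpotOptions": {"SpotInstanceType": "one-time"}}' \
  --iam-instance-profile Name="profile01"
# Show the instances in the account/region to pick up the new instance ID.
aws ec2 describe-instances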
-- 7. マネージドノードの確認
# List the SSM documents available to this account.
aws ssm list-documents

# Show every node that has registered with Systems Manager, as plain text.
aws ssm describe-instance-information \
  --query "InstanceInformationList[*]" \
  --output text

# Show the registration details of a single node, selected by instance ID.
# i-11111111111111111 is the sample ID used throughout these notes.
aws ssm describe-instance-information \
  --instance-information-filter-list key=InstanceIds,valueSet=i-11111111111111111
-- 8. シェルスクリプトを実行してリソースの詳細を表示する
# Print the name and description of the AWS-RunShellScript document.
aws ssm describe-document \
  --query "[Document.Name,Document.Description]" \
  --name "AWS-RunShellScript"

# Print the parameters the document accepts.
aws ssm describe-document \
  --query "Document.Parameters[*]" \
  --name "AWS-RunShellScript"
-- 9. AWS-RunShellScript ドキュメントを使用して簡単なコマンドを送信する
# Send "ifconfig" to the node through Run Command and print the response as text.
# Run Command executes on the node with the SSM Agent's privileges (root on
# Linux by default), so ssm:SendCommand is effectively remote root on every
# instance the caller may target; scope that IAM permission accordingly.
aws ssm send-command \
  --document-name "AWS-RunShellScript" \
  --instance-ids "i-11111111111111111" \
  --parameters commands=ifconfig \
  --comment "IP config" \
  --output text

# Fetch the per-instance result, including plugin output, for a given command.
# The command ID here is a sample value; use the one returned by send-command.
aws ssm list-command-invocations \
  --details \
  --command-id 22222222-2222-2222-2222-222222222222
# Run "whoami" on the node and keep only the command ID from the response.
# The output of whoami shows which account Run Command executes as.
sh_command_id=$(
  aws ssm send-command \
    --document-name "AWS-RunShellScript" \
    --instance-ids "i-11111111111111111" \
    --parameters commands=whoami \
    --comment "Demo run shell script on Linux managed node" \
    --query "Command.CommandId" \
    --output text
)
echo "${sh_command_id}"

# Overall status of the command.
aws ssm list-commands --command-id "${sh_command_id}"

# Per-instance invocation with plugin output.
aws ssm list-command-invocations \
  --details \
  --command-id "${sh_command_id}"
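# Run "python3 -V" on the node and keep only the command ID from the response.
sh_command_id=$(aws ssm send-command \
  --instance-ids "i-11111111111111111" \
  --document-name "AWS-RunShellScript" \
  --comment "Demo run shell script on Linux Instances" \
  --parameters commands='python3 -V' \
  --output text --query "Command.CommandId")
echo "${sh_command_id}"
# Show status and output of each plugin of each invocation.
# CommandInvocations and CommandPlugins are lists, so the query needs the []
# projections; without them JMESPath looks up a key on a list and returns null.
# The ID is passed as a quoted argument instead of being spliced into an
# `sh -c` string, so no second shell re-parses the value.
aws ssm list-command-invocations \
  --command-id "${sh_command_id}" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"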
-- 10. Run Command を使用して簡単な Python スクリプトを実行する
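# Send a two-line script to the node: a python shebang followed by a print
# statement. The command ID is captured for the status query below.
# NOTE(review): `print "..."` is Python 2 syntax and the shebang points at
# /usr/bin/python - confirm that interpreter exists on the target AMI.
sh_command_id=$(aws ssm send-command \
  --instance-ids "i-11111111111111111" \
  --document-name "AWS-RunShellScript" \
  --comment "Demo run shell script on Linux Instances" \
  --parameters '{"commands":["#!/usr/bin/python","print \"Hello World from python\""]}' \
  --output text \
  --query "Command.CommandId")
echo "${sh_command_id}"
# Show status and output of each plugin of each invocation.
# CommandInvocations and CommandPlugins are lists, so the query needs the []
# projections; without them JMESPath looks up a key on a list and returns null.
# The ID is passed as a quoted argument instead of being spliced into an
# `sh -c` string, so no second shell re-parses the value.
aws ssm list-command-invocations \
  --command-id "${sh_command_id}" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"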
-- 11. Run Command を使用して Bash スクリプトを実行する
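# Send a multi-line bash script to the node: update packages, install ruby,
# download the CodeDeploy agent installer and run it.
# Run Command executes as root on Linux by default, and the script runs the
# downloaded installer without any integrity check; the only protection is
# HTTPS to the bucket named in the URL. Make sure that bucket/region is the
# one you intend before sending this to real hosts.
aws ssm send-command \
  --document-name "AWS-RunShellScript" \
  --targets '[{"Key":"InstanceIds","Values":["i-11111111111111111"]}]' \
  --parameters '{"commands":["#!/bin/bash","yum -y update","yum install -y ruby","cd /home/ec2-user","curl -O https://aws-codedeploy-us-east-2.s3.amazonaws.com/latest/install","chmod +x ./install","./install auto"]}'
# Show status and output of each plugin of each invocation. The command ID is
# a sample value; use the one returned by the send-command call above.
# CommandInvocations and CommandPlugins are lists, so the query needs the []
# projections; without them JMESPath looks up a key on a list and returns null.
# The `sh -c` wrapper is dropped: it only added a second round of shell parsing.
aws ssm list-command-invocations \
  --command-id "33333333-3333-3333-3333-333333333333" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"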
# Open installCodeDeployAgent.json in an editor; the send-command call further
# down reads it through --cli-input-json file://installCodeDeployAgent.json.
# NOTE(review): presumably the JSON that follows is the intended file content - confirm.
# Its "commands" list downloads an installer and runs it on the node without
# an integrity check, so review the URL before saving the file.
vim installCodeDeployAgent.json
{
"Parameters": {
"commands": [
"#!/bin/bash",
"yum -y update",
"yum install -y ruby",
"cd /home/ec2-user",
"curl -O https://aws-codedeploy-us-east-2.s3.amazonaws.com/latest/install",
"chmod +x ./install",
"./install auto"
]
}
}
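# Same CodeDeploy agent install as before, but with the document parameters
# read from installCodeDeployAgent.json instead of an inline --parameters string.
# Keeping the script in a file makes it reviewable before it is sent to nodes.
aws ssm send-command \
  --document-name "AWS-RunShellScript" \
  --targets "Key=InstanceIds,Values=i-11111111111111111" \
  --cli-input-json file://installCodeDeployAgent.json
# Show status and output of each plugin of each invocation. The command ID is
# a sample value; use the one returned by the send-command call above.
# CommandInvocations and CommandPlugins are lists, so the query needs the []
# projections; without them JMESPath looks up a key on a list and returns null.
# The `sh -c` wrapper is dropped: it only added a second round of shell parsing.
aws ssm list-command-invocations \
  --command-id "44444444-4444-4444-4444-444444444444" \
  --details \
  --query "CommandInvocations[].CommandPlugins[].{Status:Status,Output:Output}"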
-- 12. クリーンアップ
-- EC2インスタンスの削除
# Look up the instance ID first, then terminate that instance.
# i-11111111111111111 is the sample ID used throughout these notes; check the
# describe-instances output so the terminate call hits the intended instance.
aws ec2 describe-instances
aws ec2 terminate-instances \
  --instance-ids i-11111111111111111
-- インスタンスプロファイルの削除
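# A profile must be emptied of its role before it can be deleted.
aws iam remove-role-from-instance-profile --instance-profile-name profile01 --role-name role01
aws iam delete-instance-profile --instance-profile-name profile01
# Confirm profile01 is gone. A JMESPath query is used instead of grepping the
# raw output, so the check does not depend on the CLI's configured output format.
aws iam list-instance-profiles \
  --query "InstanceProfiles[].InstanceProfileName" \
  --output text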
-- IAMロールの削除
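# Confirm the role exists. Matching on RoleName exactly avoids the false hits
# a plain `grep role01` gives on ARNs or on roles whose name merely contains it.
aws iam list-roles \
  --query "Roles[?RoleName=='role01'].RoleName" \
  --output text
# Managed policies must be detached before the role can be deleted.
aws iam detach-role-policy \
  --role-name role01 \
  --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
# Remove the role so no unused trust relationship is left behind in the account.
aws iam delete-role --role-name role01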